Satya Nadella, the Chief Executive Officer, shared the below communication to the employees of Microsoft. In light of the significant attention and discussion this announcement has garnered, it has been made publicly available as an official record.

Today, I want to talk about something critical to our company’s future: prioritizing security above all else.

Microsoft runs on trust, and our success depends on earning and maintaining it. We have a unique opportunity and responsibility to build the most secure and trusted platform that the world innovates upon.

The recent findings by the Department of Homeland Security’s Cyber Safety Review Board (CSRB) regarding the Storm-0558 cyberattack, from summer 2023, underscore the severity of the threats facing our company and our customers, as well as our responsibility to defend against these increasingly sophisticated threat actors.

Last November, we launched our Secure Future Initiative (SFI) with this responsibility in mind, bringing together every part of the company to advance cybersecurity protection across both new products and legacy infrastructure. I’m proud of this initiative, and grateful for the work that has gone into implementing it. But we must and will do more.

Going forward, we will commit the entirety of our organization to SFI, as we double down on this initiative with an approach grounded in three core principles:

Secure by Design: Security comes first when designing any product or service.
Secure by Default: Security protections are enabled and enforced by default, require no extra effort, and are not optional.
Secure Operations: Security controls and monitoring will continuously be improved to meet current and future threats.

These principles will govern every facet of our SFI pillars as we: Protect Identities and Secrets, Protect Tenants and Isolate Production Systems, Protect Networks, Protect Engineering Systems, Monitor and Detect Threats, and Accelerate Response and Remediation. We’ve shared specific, company-wide actions each of these pillars will entail — including those recommended in the CSRB’s report — which you can learn about here. Across Microsoft, we will mobilize to implement and operationalize these standards, guidelines, and requirements and this will be an added dimension of our hiring and rewards decisions. In addition, we will instill accountability by basing part of the compensation of the senior leadership team on our progress towards meeting our security plans and milestones.

We must approach this challenge with both technical and operational rigor, and with a focus on continuous improvement. Every task we take on – from a line of code, to a customer or partner process – is an opportunity to help bolster our own security and that of our entire ecosystem. This includes learning from our adversaries and the increasing sophistication of their capabilities, as we did with Midnight Blizzard. And learning from the trillions of unique signals we’re constantly monitoring to strengthen our overall posture. It also includes stronger, more structured collaboration across the public and private sector.

Security is a team sport, and accelerating SFI isn’t just job number one for our security teams – it’s everyone’s top priority and our customers’ greatest need.

If you’re faced with the tradeoff between security and another priority, your answer is clear: Do security. In some cases, this will mean prioritizing security above other things we do, such as releasing new features or providing ongoing support for legacy systems. This is key to advancing both our platform quality and capability such that we can protect the digital estates of our customers and build a safer world for all.


The post Prioritizing security above all else appeared first on The Official Microsoft Blog.

​ The Official Microsoft Blog

about Infinite Loop Digital

We support businesses by identifying requirements and helping clients integrate AI seamlessly into their operations.

Gartner Digital Workplace Summit Generative Al

GenAI sessions:

  • 4 Use Cases for Generative AI and ChatGPT in the Digital Workplace
  • How the Power of Generative AI Will Transform Knowledge Management
  • The Perils and Promises of Microsoft 365 Copilot
  • How to Be the Generative AI Champion Your CIO and Organization Need
  • How to Shift Organizational Culture Today to Embrace Generative AI Tomorrow
  • Mitigate the Risks of Generative AI by Enhancing Your Information Governance
  • Cultivate Essential Skills for Collaborating With Artificial Intelligence
  • Ask the Expert: Microsoft 365 Copilot
  • Generative AI Across Digital Workplace Markets
10 – 11 June 2024

London, U.K.