By Alice Chambers |
Microsoft is aligning security performance not only with its products but also with internal culture and governance, according to the November 2025 Secure Future Initiative Progress Report.
“We’re sharing our latest progress report that reflects steady progress in every area and engineering pillar, underscoring our commitment to security above all else,” said Charlie Bell, executive vice president of Microsoft Security.
On the engineering side, “Azure enforced secure defaults, expanded hardware-based trust and updated security benchmarks to improve cloud security,” said Bell. A new ‘AI Administrator’ role in Microsoft 365 also gives organisations more control and visibility or data security.
For culture, Microsoft is “fostering a security-first mindset”, according to Bell, with 95 per cent of employees having completed newly‑released training aimed at defending against AI‑powered cyberattacks.
In governance, Microsoft has expanded its Cybersecurity Governance Council to include three additional Deputy Chief Information Security Officers functions covering third parties, business functions such as finance, and compliance with EU cybersecurity regulations.
Microsoft has also enforced phishing‑resistant multifactor authentication for 99.6 per cent of its employees and devices. More than 50 new detection tools have been deployed across its infrastructure and $17 million awarded to encourage responsible vulnerability disclosure.
Looking ahead, Bell says that Microsoft will continue to prioritise high‑risk areas, accelerate security innovation and harness AI for faster anomaly detection and automated remediation.