{"id":26022,"date":"2025-10-07T10:22:08","date_gmt":"2025-10-07T18:22:08","guid":{"rendered":"http:\/\/www.palada.net\/index.php\/2025\/10\/07\/news-19741\/"},"modified":"2025-10-07T10:22:08","modified_gmt":"2025-10-07T18:22:08","slug":"news-19741","status":"publish","type":"post","link":"http:\/\/www.palada.net\/index.php\/2025\/10\/07\/news-19741\/","title":{"rendered":"New Microsoft Secure Future Initiative (SFI) patterns and practices: Practical guides to strengthen security"},"content":{"rendered":"

Credit to Author: Hammad Rajjoub| Date: Tue, 07 Oct 2025 16:00:00 +0000<\/strong><\/p>\n

Building on the momentum of our initial launch of the Microsoft Secure Future Initiative (SFI) patterns and practices<\/a>, this second installment continues our commitment to making security implementation practical and scalable. The first release introduced a foundational library of actionable guidance rooted in proven architectures like Zero Trust<\/a>. Now, we\u2019re expanding that guidance with new examples that reflect our ongoing learnings\u2014helping customers and partners understand our strategic approach more deeply and apply it effectively in their own environments.<\/p>\n

\n
Discover more about the Microsoft Secure Future Initiative<\/a><\/div>\n<\/p><\/div>\n

This next set of SFI patterns and practices articles include practical, actionable guidance built by practitioners, for practitioners, in the areas of network, engineering systems, and security response. Each of the six articles includes details on how Microsoft has improved our security posture in each area so customers, partners, and the broader security community can do the same.<\/p>\n

\u202f <\/p>\n

\n\n\n\n\n\n\n\n\n\n
Pattern name<\/strong> <\/td>\nSFI Pillar<\/strong> <\/td>\nWhat it helps you do <\/strong> <\/td>\n<\/tr>\n
Network isolation<\/strong><\/a> <\/strong> <\/td>\nProtect networks <\/td>\nContain breaches by default. Strongly segment and isolate your network (through per-service ACLs, isolated virtual networks, and more) to prevent lateral movement and limit cyberattackers if they get in.<\/td>\n<\/tr>\n
Secure all tenants and their resources<\/strong><\/a> <\/strong> <\/td>\nProtect tenants and isolate systems <\/td>\nHelp eliminate \u201cshadow\u201d tenants. Apply baseline security policies, such as multifactor authentication (MFA), Conditional Access, and more, to every cloud tenant and retire unused ones, so cyberattackers can\u2019t exploit forgotten, weakly-secured environments.<\/td>\n<\/tr>\n
Higher security for Entra ID apps<\/strong><\/a> <\/strong> <\/td>\nProtect tenants and isolate systems <\/td>\nClose identity backdoors. Enforce high security standards for all Microsoft Entra ID (Azure AD) applications\u2014removing unused apps, tightening permissions, and requiring strong authorization\u2014to block common misconfigurations cyberattackers abuse for cross-tenant attacks.<\/td>\n<\/tr>\n
Zero Trust for source code access<\/strong><\/a> <\/strong> <\/td>\nProtecting engineering systems <\/td>\nSecure the dev pipeline. Require proof-of-presence MFA for critical code commits and merges to help ensure only verified developers can push code and stop cyberattackers from surreptitiously injecting changes.<\/td>\n<\/tr>\n
Protect the software supply chain<\/strong><\/a> <\/strong> <\/td>\nProtecting engineering systems <\/td>\nLock down builds and dependencies. Govern your continuous integration and continuous delivery (CI\/CD) pipelines and package management\u2014use standardized build templates, internal package feeds, and automated scanning to block supply chain cyberattacks before they reach production.<\/td>\n<\/tr>\n
Centralize access to security logs<\/strong><\/a> <\/strong> <\/td>\nMonitoring and detecting threats <\/td>\nSpeed up investigations. Standardize and centralize your log collection (with longer retention) so that security teams have unified visibility and can detect and investigate incidents faster\u2014even across complex, multi-cloud environments. <\/td>\n<\/tr>\n<\/tbody>\n<\/table>\n<\/figure>\n

More about SFI patterns and practices<\/strong> <\/h2>\n

Just as software design patterns provide reusable solutions to common engineering problems, SFI patterns and practices offer repeatable, proven approaches to solving complex cybersecurity challenges. Each pattern is crafted to address a specific security risk\u2014legacy infrastructure or inconsistent CI\/CD pipelines\u2014and is grounded in Microsoft\u2019s own experience. Like design patterns in software architecture, these security patterns are modular, extensible, and built for reuse across diverse environments.<\/p>\n

Additionally, each pattern in the SFI patterns and practices library follows a consistent and purposeful structure. Every article begins with a\u202fpattern name<\/strong>\u2014a concise handle that captures the essence of the cybersecurity challenge. The problem<\/strong> section outlines the security risk and its real-world context, helping readers understand why it matters. The solution<\/strong> describes how Microsoft addressed the issue internally. The guidance<\/strong> section provides practical recommendations that customers can consider applying in their own environments. Finally, the implications<\/strong> section outlines the outcomes and trade-offs of implementing the pattern, helping organizations anticipate both the benefits and the operational considerations.<\/p>\n

This structure offers a framework for understanding, applying, and evolving security practices. <\/p>\n

\n
\n
<\/div>\n<\/p><\/div>\n<\/p><\/div>\n

Next steps with SFI<\/h2>\n
\n
\n

\t\t\tApril 2025 progress Report\t\t<\/h2>\n

\t\t\t\t\t\t\t \t\t\t\t\t\tRead the report\t\t\t\t\t\t\t\u2197<\/a> \t\t\t\t\t<\/p>\n<\/p><\/div>\n<\/p><\/div>\n

Security is a journey, and Microsoft is committed to sharing our insights from SFI. Watch for more actionable advice in coming months. SFI patterns and practices provide a roadmap for putting secure architecture into practice. Embracing these approaches enables organizations to advance their security posture, minimize deployment hurdles, and establish environments that are secure by design, by default, and in operations. <\/p>\n

To get access to the full library, visit our new SFI patterns and practices<\/a> webpage. And check out the new SFI video on our redesigned website<\/a> to hear directly from Microsoft leadership about how we are putting security above all else<\/strong>.<\/p>\n

Let\u2019s build a secure future, together <\/strong><\/h2>\n

Talk to your Microsoft account team to integrate these practices into your roadmap. <\/p>\n

\n
Keep up to date with all the SFI updates<\/a><\/div>\n<\/p><\/div>\n

To learn more about Microsoft Security solutions, visit our\u202fwebsite.<\/a> Bookmark the\u202fSecurity blog<\/a>\u202fto keep up with our expert coverage on security matters. Also, follow us on LinkedIn (Microsoft Security<\/a>) and X (@MSFTSecurity<\/a>)\u202ffor the latest news and updates on cybersecurity. <\/p>\n

\n

The post New Microsoft Secure Future Initiative (SFI) patterns and practices: Practical guides to strengthen security<\/a> appeared first on Microsoft Security Blog<\/a>.<\/p>\n

https:\/\/blogs.technet.microsoft.com\/mmpc\/feed\/<\/a><\/p>\n","protected":false},"excerpt":{"rendered":"

Credit to Author: Hammad Rajjoub| Date: Tue, 07 Oct 2025 16:00:00 +0000<\/strong><\/p>\n

Microsoft Secure Future Initiative (SFI)\u00a0patterns\u00a0and\u00a0practices\u00a0are\u00a0practical, actionable, insights from practitioners for practitioners based on Microsoft\u2019s implementation of Zero Trust through the Microsoft Secure Future Initiatives.\u00a0By adopting these patterns, organizations can accelerate their security maturity, reduce implementation friction, and build systems that are more secure by design, default, and in operation.\u202f\u00a0\u200b<\/p>\n

The post New Microsoft Secure Future Initiative (SFI) patterns and practices: Practical guides to strengthen security<\/a> appeared first on Microsoft Security Blog<\/a>.<\/p>\n","protected":false},"author":4,"featured_media":0,"comment_status":"open","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"colormag_page_container_layout":"default_layout","colormag_page_sidebar_layout":"default_layout","footnotes":""},"categories":[10759,10378],"tags":[],"class_list":["post-26022","post","type-post","status-publish","format-standard","hentry","category-microsoft","category-security"],"_links":{"self":[{"href":"http:\/\/www.palada.net\/index.php\/wp-json\/wp\/v2\/posts\/26022","targetHints":{"allow":["GET"]}}],"collection":[{"href":"http:\/\/www.palada.net\/index.php\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"http:\/\/www.palada.net\/index.php\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"http:\/\/www.palada.net\/index.php\/wp-json\/wp\/v2\/users\/4"}],"replies":[{"embeddable":true,"href":"http:\/\/www.palada.net\/index.php\/wp-json\/wp\/v2\/comments?post=26022"}],"version-history":[{"count":0,"href":"http:\/\/www.palada.net\/index.php\/wp-json\/wp\/v2\/posts\/26022\/revisions"}],"wp:attachment":[{"href":"http:\/\/www.palada.net\/index.php\/wp-json\/wp\/v2\/media?parent=26022"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"http:\/\/www.palada.net\/index.php\/wp-json\/wp\/v2\/categories?post=26022"},{"taxonomy":"post_tag","embeddable":true,"href":"http:\/\/www.palada.net\/index.php\/wp-json\/wp\/v2\/tags?post=26022"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}