Cybersecurity has become a collective duty that spans both the public and private sectors, said Brad Smith, vice chair and president at Microsoft, when opening his testimony before the US House Homeland Security Committee in June 2024. His statement was underscored by a year of escalating cyberthreats.
The Microsoft Digital Defense Report 2024 identifies Russian-backed hackers, such as Star Blizzard, as having advanced their attempts to target governments, journalists and researchers with spear-phishing tactics like personalised emails. North Korean actors siphoned billions from cryptocurrency markets to fund state initiatives and Iranian groups have adopted ransomware and criminal tactics to disrupt firms around the world. These threats, plus those from non-nation-state hackers, highlight the urgency for businesses to rethink their security strategies, balancing resilience with rapid response to safeguard critical systems and data.
“We recognise that Microsoft plays a unique and critical cybersecurity role,” said Smith to the House Homeland panel. “Not only for our customers, but for this country. And not only for this country, but for this nation’s allies. This role reflects the wide range of products and services Microsoft provides to individuals and organisations, including cloud services that operate through data centres located in 32 countries around the world. It also reflects the broad cybersecurity work we undertake every day, including for and in close collaboration with the US and numerous allied governments.”
Brad Smith presented testimony on behalf of Microsoft before the US House Homeland Security Committee in June 2024
Microsoft tracks threat actors to understand their attack targets, techniques and motivation. In 2024 alone, the number of actors traced increased by more than five times, according to the Digital Defense Report. Password attacks occurred at a rate of more than 7,000 per second (up from 579 per second in 2021), and the mean time for the average organisation to identify a data breach was 194 days with containment at 64 days. That’s more than sufficient time for bad actors to exploit vulnerabilities, compromise sensitive data and cause significant financial and reputational damage.
“If 2024 taught us anything, it’s that a proactive, no-compromises approach to security is essential for 2025 and beyond,” writes Joy Chik, president of identity and network access at Microsoft, in a blog titled ‘Three priorities for adopting proactive identity and access security in 2025’. “Adopting proactive defensive measures is the only way to get ahead of such determined efforts to compromise identities and gain access to your environment.”
Microsoft launched the Secure Future Initiative in November 2023 to improve how it builds and operates its technology to meet security standards. In May 2024, chairman and CEO Satya Nadella made security Microsoft’s top priority and dedicated the equivalent of 34,000 engineers to the “largest cybersecurity engineering project in history” to address high-priority security tasks.
The initiative is based on six pillars: protect identities and secrets; protect tenants and isolate systems; protect networks; protect engineering systems; monitor and detect cyberthreats; and accelerate response and remediation.
To lead by example, Microsoft is strengthening its own defences. As part of the ‘protect tenants and isolate systems’ pillar, Microsoft carried out a full inventory of its own environment in a process Chik refers to as a “thorough spring cleaning” and subsequently deleted 730,000 unused applications and removed 5.75 million inactive tenants.
Microsoft also implemented multifactor authentication (MFA) to encourage secure-by-default practices with customers, a key principle of the initiative. In a 2023 research paper, ‘How effective is multifactor authentication at deterring cyberattacks?’, Microsoft reveals that over 99 per cent of MFA-enabled accounts remained secure during its investigation. It also found that MFA reduces the risk of compromise by 99 per cent.
“Based on these results, we strongly advocate for the default implementation of MFA in commercial accounts to increase security and mitigate unauthorised access risks,” writes Microsoft’s research team.
Microsoft has required MFA for any user signing into the Azure portal and the Microsoft Entra and Intune admin centres since October 2024 and enforced the mandate for the Microsoft 365 admin centre in February 2025. Phase two will roll out later in 2025, extending MFA enforcement to Azure CLI, Azure PowerShell, Azure mobile app and infrastructure-as-code tools, with recommendations to migrate user-based service accounts to workload identities.
Safeguarding AI initiatives
In 2024 alone, generative AI usage jumped from 55 to 75 per cent among business leaders and AI decision-makers, according to IDC’s 2024 AI opportunity study. As AI adoption accelerates, many organisations have begun using AI tools to answer customer service questions, automate repetitive or mundane tasks, speed up product development and more.
“Over 95 per cent of organisations are implementing or developing an AI strategy, which necessitates the need for accompanying data protection and governance strategies,” says Vasu Jakkal, corporate vice president of Microsoft Security.
For example, global telecommunications provider Vodafone is using a virtual assistant called TOBi, powered by Microsoft Azure and Copilot, to handle its large number of customer enquiries. Lloyds Banking Group has developed an application with Microsoft Power Apps and Azure AI Services for its customers to communicate with employees in their preferred language. However, if unmonitored, these tools have the potential to render organisations vulnerable to malicious prompt attempts. Cybercriminals carry out these attempts by tricking AI models into ignoring system rules.
Organisations need to monitor AI models designed to improve experiences for customers, such as those who bank online, to prevent cybercriminals from manipulating the technology
“There are two types of prompt attacks,” writes Vanessa Ho in the Microsoft blog post on ‘Safeguarding AI against jailbreaks’. “One is a direct prompt attack known as a jailbreak, like if the customer service tool generates offensive content at someone’s coaxing, for example. The second is an indirect prompt attack, say if the email assistant follows a hidden, malicious prompt to reveal confidential data.
“To help protect against jailbreaks and indirect attacks, Microsoft has developed a comprehensive approach that helps AI developers detect, measure and manage the risk. It includes Prompt Shields, a fine-tuned model for detecting and blocking malicious prompts in real time, and safety evaluations for simulating adversarial prompts and measuring an application’s susceptibility to them.”
While generative AI can create vulnerabilities, it also helps to combat cyberthreats. Microsoft’s Azure AI Foundry helps AI developers detect, measure and manage the risk of jailbreaks and indirect attacks. “We launched Microsoft Security Copilot in April 2024, which helps level the playing field,” says Jakkal. It does this by using Microsoft’s security data and OpenAI’s GPT models to simplify tasks. “That’s why I love generative AI – because I think this tool is going to make it easy for everyone to become a defender.”
Organisations using Security Copilot experienced a 30 per cent reduction in average time to resolve security incidents, according to Microsoft’s ‘Generative AI and Security Operations Center Productivity: Evidence from Live Operations’ report. And IT admins using Copilot in the Microsoft Entra admin centre spent 45 per cent less time troubleshooting sign-ins and increased accuracy by 47 per cent.
Oregon State University, for example, is using Security Copilot alongside Microsoft Sentinel and Defender to automatically process security incident tickets. Automation allows the university to more efficiently query ticket generation so that security analysts can concentrate on higher-priority incidents like system intrusions or potential data breaches instead of routine administrative tasks. Meanwhile, materials manufacturer Eastman is using the solution to upskill its security analysts with step-by-step guidance for response and faster threat remediation. The team also uses Defender solutions to protect workloads in its apps across its Microsoft 365 E5 license.
“We work in a world where every second matters,” says David Yates, senior cybersecurity analyst at Eastman. “Attackers can move very quickly, so we need to understand how the attack is being deployed and where. Efficiency is crucial.”
Security Copilot uses AI to trace security incidents to specific IP addresses, relating clues that may at first seem random and unconnected to expose a larger threat.
“AI gives the asymmetric advantage to the defender over the attacker,” says Charlie Bell, executive vice president of Microsoft Security. “We don’t have access to all the data, and we can’t see the whole environment. [This means that we] can’t see how an attacker would get from one thing to another. The beauty of AI is that it can see everything, and we can finally reason across a vast space that no human can get to because we can’t perceive everything within our surface area.”
Partner perspectives
We asked selected Microsoft partners how they are working with Microsoft to better protect organisations from cyberthreats.
“Armor’s deep partnership with Microsoft as a security solutions partner empowers organisations to combat cyberthreats better,” says David Fatovic, director of strategic alliances for Armor Defense. “As a member of the Microsoft Intelligent Security Association, we collaborate with Microsoft’s go-to-market, product and specialist teams to optimise the deployment and management of Microsoft’s security tools.”
“We’re working with Microsoft by enhancing Defender with Huntress’s fully-managed endpoint and identity threat detection and response for Microsoft 365 environments, managed by Huntress’s 24/7 elite team of threat hunters,” says Chris Bisnett, chief technology officer and co-founder of Huntress. “These two offerings maximise the value of existing Microsoft licenses and add an extra layer of protection from endpoint threats, session hijacking, credential threat and more.”
“Microsoft’s security ecosystem enables us to take a holistic approach to helping businesses strengthen their security posture,” says Nathan Jamieson, chief information security officer at Atech x Iomart. “With comprehensive protection across endpoints, email and cloud through Defender, organisations can secure their entire digital environment.”
“At Lighthouse, our deep collaboration with Microsoft is a strategic advantage in protecting organisations from cyberthreats,” says Ron Markezich, CEO of Lighthouse. “We work directly with Microsoft Security engineers, marketing teams and advisory councils to stay ahead of evolving risks in data security, compliance and generative AI.”
Microsoft’s Herain Oberoi presented Lighthouse’s Tara Ragan and Erick Bronson with the Compliance & Privacy Trailblazer award at the Microsoft Security Excellence Awards 2024
“M-Files has been built with Microsoft technologies, runs on Azure and is monitored by Fabric,” says Ville Somppi, senior vice president of industry solutions at M-Files. “We tap into all the available security, threat detection and cyber capabilities in the Microsoft stack.”
“Users with Microsoft environments can use YubiKey, a hardware security key by Yubico, for phishing-resistant, multifactor and passwordless authentication,” says Derek Hanson, vice president of standards and alliances at Yubico. “The YubiKey is currently the only FIPS certified phishing-resistant solution available for Entra ID on mobile.”
Read more from these partners in the Spring 2025 issue of Technology Record.