\nWe\u2019re excited to launch **Microsoft Secure Future Initiative (SFI) patterns and practices** : a new library of actionable guidance designed to help organizations implement security measures at scale.<\/p>\n
This launch marks the next step in our journey to make our SFI learnings practical for our customers, partners, and broader security ecosystem. These patterns and practices draw from a range of proven security architectures and best practices\u2014including, but not limited to, Zero Trust\u2014operationalized to protect Microsoft\u2019s infrastructure and now shared to help you do the same.<\/p>\n
Discover more about the Microsoft Secure Future Initiative<\/p>\n
## **Why SFI patterns and practices matter**<\/p>\n
Since launching the Secure Future Initiative (SFI) in November 2023, we\u2019ve mobilized the equivalent of more than 34,000 engineers to mitigate risk and improve security for Microsoft and our customers.\u00b9 Guided by three security principles\u2014secure by design, by default, and in operations\u2014we have made measurable progress in the areas of culture, governance, and our six engineering pillars. Still there is more to do and teams across the company are working to improve~~~~ security of every product, address learnings from every incident, and continuously improve our methods and practices.<\/p>\n
Read the latest SFI report from April 2025<\/p>\n
<\/p>\n
Additionally, we have heard feedback from customers and partners that want us to share how we are improving security at Microsoft, not just at the strategic architecture level but also at the implementation and practical level. That\u2019s where **SFI patterns and practices library** comes into play.<\/p>\n
## **What\u2019s in the first wave of SFI patterns and practices?**<\/p>\n
We are launching the first wave of eight pattern and practice articles that help solve the most asked-for, urgent, and complex challenges faced by security practitioners today:<\/p>\n
**Pattern name**| **SFI pillar**| **What it helps you do**
—|—|—
**Phishing-resistant multi-factor authentication** (**MFA)**| Protecting identities and secrets| Traditional MFA is no longer enough. This pattern helps organizations shift to cryptographic, phishing-resistant authentication using FIDO2, passkeys, and certificate-based methods\u2014reducing exposure to credential-based cyberattacks. <\/p>\n
Replace vulnerable MFA with cryptographic, phishing-resistant methods.
**Eliminate identity lateral movement**| Isolating tenants and production systems| Cyberattackers often exploit identity pivot paths to escalate privileges. This pattern outlines how to segment access, enforce Conditional Access, and block risky guest authentication to prevent silent intrusions. <\/p>\n
Prevent cyberattackers from pivoting across tenants and roles.
**Remove legacy systems that risk security**| Isolating tenants and production systems| Unmanaged tenants and legacy infrastructure introduce configuration drift and attack surface. Microsoft removed more than 5.75 million inactive tenants\u2014this pattern shows how you can do the same. <\/p>\n
Decommission unmanaged tenants and legacy infrastructure.
**Standardize secure development pipelines**| Protecting engineering systems| CI\/CD pipelines are often fragmented and inconsistent. This pattern helps you implement governed templates that enforce security gates, encourages creation of Software Bill of Materials (SBOMs) and streamline compliance. <\/p>\n
Use governed CI\/CD templates to enforce security and compliance.
**Complete production infrastructure inventory**| Monitoring and detecting threats| You can\u2019t protect what you can\u2019t see. This pattern guides organizations in building real-time asset inventories, centralizing telemetry, and removing unused applications to reduce risk. <\/p>\n
Maintain real-time visibility into all assets and telemetry.
**Rapid anomaly detection and response**| Monitoring and detecting threats| Modern cyberattackers move fast. This pattern shows how to use AI, user entity and behavior analytics (UEBA), and centralized logging to detect suspicious behavior and automate response\u2014reducing dwell time and improving security operations center (SOC) efficiency. <\/p>\n
Use AI and behavioral analytics to detect and respond to cyberthreats faster.
**Security log retention standards**| Monitoring and detecting threats| Logs are the backbone of detection and forensics. This pattern helps you standardize formats, centralize access, and extend retention to support long-term investigations and compliance. <\/p>\n
Standardize, centralize, and extend log retention for better detection and forensics.
**Accelerate vulnerability mitigation**| Accelerating response and remediation| Effective vulnerability management is critical to reducing risk in complex digital environments by enabling faster, systematic responses to security threats. Automation, integrated workflows, and enriched communications can significantly accelerate mitigation timelines and improve organizational resilience. <\/p>\n
Automate detection, triage, and patching to reduce time-to-mitigate. <\/p>\n
## **Introducing SFI patterns and practices taxonomy**<\/p>\n
<\/p>\n
Just as software design patterns provide reusable solutions to common engineering problems, SFI patterns and practices offer repeatable, proven approaches to solving complex cybersecurity challenges. Each pattern is crafted to address a specific security risk\u2014whether it\u2019s identity lateral movement, legacy infrastructure, or inconsistent continuous integration and continuous delivery (CI\/CD) pipelines\u2014and is grounded in Microsoft\u2019s own experience. Like design patterns in software architecture, these security patterns are modular, extensible, and built for reuse across diverse environments.<\/p>\n
Additionally, each pattern in the SFI patterns and practices library follows a consistent and purposeful structure. Every article begins with a **pattern name** \u2014a concise handle that captures the essence of the cybersecurity challenge. The **problem** section outlines the security risk and its real-world context, helping readers understand why it matters. The **solution** describes how Microsoft addressed the issue internally. The **guidance** section provides practical recommendations that customers can consider applying in their own environments. Finally, the **implications** section outlines the outcomes and trade-offs of implementing the pattern, helping organizations anticipate both the benefits and the operational considerations.<\/p>\n
This structure offers a framework for understanding, applying, and evolving security practices.<\/p>\n
## **Joining the**SFI patterns and practices**** journey<\/p>\n
**SFI patterns and practices** is your guide to turning architecture into action. By adopting these patterns, organizations can accelerate their security maturity, reduce implementation friction, and build systems that are more secure by design, default, and in operation.<\/p>\n
## **What\u2019s coming next?**<\/p>\n
This is just the beginning. In the coming months, we\u2019ll release additional patterns to share more guidance aligned to SFI pillars. Each new pattern will be published on the Microsoft Security blog and on Microsoft’s Secure Future Initiative homepage.<\/p>\n
Keep up to date with all the SFI updates<\/p>\n
## **Get started**<\/p>\n
Explore the first set of patterns:<\/p>\n
* Security blog SFI topic page
* Secure by design: A UX toolkit
* Microsoft Security Tech Community blog
* Microsoft Security X account<\/p>\n
## **Let\u2019s build a secure future, together**<\/p>\n
Talk to your Microsoft account team to integrate these practices into your roadmap. <\/p>\n
To learn more about Microsoft Security solutions, visit our website. Bookmark the Security blog to keep up with our expert coverage on security matters. Also, follow us on LinkedIn (Microsoft Security) and X (@MSFTSecurity) for the latest news and updates on cybersecurity.<\/p>\n
* * *<\/p>\n
\u00b9Microsoft Secure Future Initiative Report, November, 2024<\/p>\n
The post Sharing practical guidance: Launching Microsoft Secure Future Initiative (SFI) patterns and practices appeared first on Microsoft Security Blog.\n<\/p><\/div>\n
View Advisory Details<\/a><\/p>\n","protected":false},"excerpt":{"rendered":"Security Update News Update Information Title Sharing practical guidance: Launching Microsoft Secure Future Initiative (SFI) patterns and practices Update ID MSSECURE:D2D0A0EBD721A0F67D5A9C6E579134B3 Type mssecure Published 2025-08-06T16:00:00…<\/p>\n","protected":false},"author":1,"featured_media":0,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[4],"tags":[6,8,12,110,13,33,7,11,5],"class_list":["post-9974","post","type-post","status-publish","format-standard","hentry","category-category_news","tag-cve","tag-cvss","tag-exploit","tag-mssecure","tag-news","tag-none","tag-security","tag-tapic","tag-vulnerability"],"yoast_head":"\n
Sharing practical guidance: Launching Microsoft Secure Future Initiative (SFI) patterns and practices - zero redgem<\/title>\n<meta name=\"robots\" content=\"index, follow, max-snippet:-1, max-image-preview:large, max-video-preview:-1\" \/>\n<link rel=\"canonical\" href=\"https:\/\/zero.redgem.net\/?p=9974\" \/>\n<meta property=\"og:locale\" content=\"en_US\" \/>\n<meta property=\"og:type\" content=\"article\" \/>\n<meta property=\"og:title\" content=\"Sharing practical guidance: Launching Microsoft Secure Future Initiative (SFI) patterns and practices - zero redgem\" \/>\n<meta property=\"og:description\" content=\"Security Update News Update Information Title Sharing practical guidance: Launching Microsoft Secure Future Initiative (SFI) patterns and practices Update ID MSSECURE:D2D0A0EBD721A0F67D5A9C6E579134B3 Type mssecure Published 2025-08-06T16:00:00...\" \/>\n<meta property=\"og:url\" content=\"https:\/\/zero.redgem.net\/?p=9974\" \/>\n<meta property=\"og:site_name\" content=\"zero redgem\" \/>\n<meta property=\"article:published_time\" content=\"2025-08-06T12:44:31+00:00\" \/>\n<meta name=\"author\" content=\"invoker\" \/>\n<meta name=\"twitter:card\" content=\"summary_large_image\" \/>\n<meta name=\"twitter:label1\" content=\"Written by\" \/>\n\t<meta name=\"twitter:data1\" content=\"invoker\" \/>\n\t<meta name=\"twitter:label2\" content=\"Est. reading time\" \/>\n\t<meta name=\"twitter:data2\" content=\"6 minutes\" \/>\n<script type=\"application\/ld+json\" class=\"yoast-schema-graph\">{\"@context\":\"https:\\\/\\\/schema.org\",\"@graph\":[{\"@type\":\"Article\",\"@id\":\"https:\\\/\\\/zero.redgem.net\\\/?p=9974#article\",\"isPartOf\":{\"@id\":\"https:\\\/\\\/zero.redgem.net\\\/?p=9974\"},\"author\":{\"name\":\"invoker\",\"@id\":\"https:\\\/\\\/zero.redgem.net\\\/#\\\/schema\\\/person\\\/fbfeae8dfad117ac08a7621bee1a1dca\"},\"headline\":\"Sharing practical guidance: Launching Microsoft Secure Future Initiative (SFI) patterns and practices\",\"datePublished\":\"2025-08-06T12:44:31+00:00\",\"mainEntityOfPage\":{\"@id\":\"https:\\\/\\\/zero.redgem.net\\\/?p=9974\"},\"wordCount\":1207,\"commentCount\":0,\"publisher\":{\"@id\":\"https:\\\/\\\/zero.redgem.net\\\/#organization\"},\"keywords\":[\"CVE\",\"CVSS\",\"exploit\",\"mssecure\",\"news\",\"NONE\",\"Security\",\"tapic\",\"Vulnerability\"],\"articleSection\":[\"category_news\"],\"inLanguage\":\"en-US\",\"potentialAction\":[{\"@type\":\"CommentAction\",\"name\":\"Comment\",\"target\":[\"https:\\\/\\\/zero.redgem.net\\\/?p=9974#respond\"]}]},{\"@type\":\"WebPage\",\"@id\":\"https:\\\/\\\/zero.redgem.net\\\/?p=9974\",\"url\":\"https:\\\/\\\/zero.redgem.net\\\/?p=9974\",\"name\":\"Sharing practical guidance: Launching Microsoft Secure Future Initiative (SFI) patterns and practices - zero redgem\",\"isPartOf\":{\"@id\":\"https:\\\/\\\/zero.redgem.net\\\/#website\"},\"datePublished\":\"2025-08-06T12:44:31+00:00\",\"breadcrumb\":{\"@id\":\"https:\\\/\\\/zero.redgem.net\\\/?p=9974#breadcrumb\"},\"inLanguage\":\"en-US\",\"potentialAction\":[{\"@type\":\"ReadAction\",\"target\":[\"https:\\\/\\\/zero.redgem.net\\\/?p=9974\"]}]},{\"@type\":\"BreadcrumbList\",\"@id\":\"https:\\\/\\\/zero.redgem.net\\\/?p=9974#breadcrumb\",\"itemListElement\":[{\"@type\":\"ListItem\",\"position\":1,\"name\":\"Home\",\"item\":\"https:\\\/\\\/zero.redgem.net\\\/\"},{\"@type\":\"ListItem\",\"position\":2,\"name\":\"Sharing practical guidance: Launching Microsoft Secure Future Initiative (SFI) patterns and practices\"}]},{\"@type\":\"WebSite\",\"@id\":\"https:\\\/\\\/zero.redgem.net\\\/#website\",\"url\":\"https:\\\/\\\/zero.redgem.net\\\/\",\"name\":\"zero redgem\",\"description\":\"\",\"publisher\":{\"@id\":\"https:\\\/\\\/zero.redgem.net\\\/#organization\"},\"potentialAction\":[{\"@type\":\"SearchAction\",\"target\":{\"@type\":\"EntryPoint\",\"urlTemplate\":\"https:\\\/\\\/zero.redgem.net\\\/?s={search_term_string}\"},\"query-input\":{\"@type\":\"PropertyValueSpecification\",\"valueRequired\":true,\"valueName\":\"search_term_string\"}}],\"inLanguage\":\"en-US\"},{\"@type\":\"Organization\",\"@id\":\"https:\\\/\\\/zero.redgem.net\\\/#organization\",\"name\":\"zero redgem\",\"url\":\"https:\\\/\\\/zero.redgem.net\\\/\",\"logo\":{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\\\/\\\/zero.redgem.net\\\/#\\\/schema\\\/logo\\\/image\\\/\",\"url\":\"\",\"contentUrl\":\"\",\"width\":191,\"height\":188,\"caption\":\"zero redgem\"},\"image\":{\"@id\":\"https:\\\/\\\/zero.redgem.net\\\/#\\\/schema\\\/logo\\\/image\\\/\"}},{\"@type\":\"Person\",\"@id\":\"https:\\\/\\\/zero.redgem.net\\\/#\\\/schema\\\/person\\\/fbfeae8dfad117ac08a7621bee1a1dca\",\"name\":\"invoker\",\"image\":{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\\\/\\\/secure.gravatar.com\\\/avatar\\\/f17c01d7338e6932bcde121cf83569393df3374625d25afd62677cfb528f2e3e?s=96&d=mm&r=g\",\"url\":\"https:\\\/\\\/secure.gravatar.com\\\/avatar\\\/f17c01d7338e6932bcde121cf83569393df3374625d25afd62677cfb528f2e3e?s=96&d=mm&r=g\",\"contentUrl\":\"https:\\\/\\\/secure.gravatar.com\\\/avatar\\\/f17c01d7338e6932bcde121cf83569393df3374625d25afd62677cfb528f2e3e?s=96&d=mm&r=g\",\"caption\":\"invoker\"},\"sameAs\":[\"https:\\\/\\\/zero.redgem.net\"],\"url\":\"https:\\\/\\\/zero.redgem.net\\\/?author=1\"}]}<\/script>\n<!-- \/ Yoast SEO plugin. -->","yoast_head_json":{"title":"Sharing practical guidance: Launching Microsoft Secure Future Initiative (SFI) patterns and practices - zero redgem","robots":{"index":"index","follow":"follow","max-snippet":"max-snippet:-1","max-image-preview":"max-image-preview:large","max-video-preview":"max-video-preview:-1"},"canonical":"https:\/\/zero.redgem.net\/?p=9974","og_locale":"en_US","og_type":"article","og_title":"Sharing practical guidance: Launching Microsoft Secure Future Initiative (SFI) patterns and practices - zero redgem","og_description":"Security Update News Update Information Title Sharing practical guidance: Launching Microsoft Secure Future Initiative (SFI) patterns and practices Update ID MSSECURE:D2D0A0EBD721A0F67D5A9C6E579134B3 Type mssecure Published 2025-08-06T16:00:00...","og_url":"https:\/\/zero.redgem.net\/?p=9974","og_site_name":"zero redgem","article_published_time":"2025-08-06T12:44:31+00:00","author":"invoker","twitter_card":"summary_large_image","twitter_misc":{"Written by":"invoker","Est. reading time":"6 minutes"},"schema":{"@context":"https:\/\/schema.org","@graph":[{"@type":"Article","@id":"https:\/\/zero.redgem.net\/?p=9974#article","isPartOf":{"@id":"https:\/\/zero.redgem.net\/?p=9974"},"author":{"name":"invoker","@id":"https:\/\/zero.redgem.net\/#\/schema\/person\/fbfeae8dfad117ac08a7621bee1a1dca"},"headline":"Sharing practical guidance: Launching Microsoft Secure Future Initiative (SFI) patterns and practices","datePublished":"2025-08-06T12:44:31+00:00","mainEntityOfPage":{"@id":"https:\/\/zero.redgem.net\/?p=9974"},"wordCount":1207,"commentCount":0,"publisher":{"@id":"https:\/\/zero.redgem.net\/#organization"},"keywords":["CVE","CVSS","exploit","mssecure","news","NONE","Security","tapic","Vulnerability"],"articleSection":["category_news"],"inLanguage":"en-US","potentialAction":[{"@type":"CommentAction","name":"Comment","target":["https:\/\/zero.redgem.net\/?p=9974#respond"]}]},{"@type":"WebPage","@id":"https:\/\/zero.redgem.net\/?p=9974","url":"https:\/\/zero.redgem.net\/?p=9974","name":"Sharing practical guidance: Launching Microsoft Secure Future Initiative (SFI) patterns and practices - zero redgem","isPartOf":{"@id":"https:\/\/zero.redgem.net\/#website"},"datePublished":"2025-08-06T12:44:31+00:00","breadcrumb":{"@id":"https:\/\/zero.redgem.net\/?p=9974#breadcrumb"},"inLanguage":"en-US","potentialAction":[{"@type":"ReadAction","target":["https:\/\/zero.redgem.net\/?p=9974"]}]},{"@type":"BreadcrumbList","@id":"https:\/\/zero.redgem.net\/?p=9974#breadcrumb","itemListElement":[{"@type":"ListItem","position":1,"name":"Home","item":"https:\/\/zero.redgem.net\/"},{"@type":"ListItem","position":2,"name":"Sharing practical guidance: Launching Microsoft Secure Future Initiative (SFI) patterns and practices"}]},{"@type":"WebSite","@id":"https:\/\/zero.redgem.net\/#website","url":"https:\/\/zero.redgem.net\/","name":"zero redgem","description":"","publisher":{"@id":"https:\/\/zero.redgem.net\/#organization"},"potentialAction":[{"@type":"SearchAction","target":{"@type":"EntryPoint","urlTemplate":"https:\/\/zero.redgem.net\/?s={search_term_string}"},"query-input":{"@type":"PropertyValueSpecification","valueRequired":true,"valueName":"search_term_string"}}],"inLanguage":"en-US"},{"@type":"Organization","@id":"https:\/\/zero.redgem.net\/#organization","name":"zero redgem","url":"https:\/\/zero.redgem.net\/","logo":{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/zero.redgem.net\/#\/schema\/logo\/image\/","url":"","contentUrl":"","width":191,"height":188,"caption":"zero redgem"},"image":{"@id":"https:\/\/zero.redgem.net\/#\/schema\/logo\/image\/"}},{"@type":"Person","@id":"https:\/\/zero.redgem.net\/#\/schema\/person\/fbfeae8dfad117ac08a7621bee1a1dca","name":"invoker","image":{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/secure.gravatar.com\/avatar\/f17c01d7338e6932bcde121cf83569393df3374625d25afd62677cfb528f2e3e?s=96&d=mm&r=g","url":"https:\/\/secure.gravatar.com\/avatar\/f17c01d7338e6932bcde121cf83569393df3374625d25afd62677cfb528f2e3e?s=96&d=mm&r=g","contentUrl":"https:\/\/secure.gravatar.com\/avatar\/f17c01d7338e6932bcde121cf83569393df3374625d25afd62677cfb528f2e3e?s=96&d=mm&r=g","caption":"invoker"},"sameAs":["https:\/\/zero.redgem.net"],"url":"https:\/\/zero.redgem.net\/?author=1"}]}},"_links":{"self":[{"href":"https:\/\/zero.redgem.net\/index.php?rest_route=\/wp\/v2\/posts\/9974","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/zero.redgem.net\/index.php?rest_route=\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/zero.redgem.net\/index.php?rest_route=\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/zero.redgem.net\/index.php?rest_route=\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/zero.redgem.net\/index.php?rest_route=%2Fwp%2Fv2%2Fcomments&post=9974"}],"version-history":[{"count":0,"href":"https:\/\/zero.redgem.net\/index.php?rest_route=\/wp\/v2\/posts\/9974\/revisions"}],"wp:attachment":[{"href":"https:\/\/zero.redgem.net\/index.php?rest_route=%2Fwp%2Fv2%2Fmedia&parent=9974"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/zero.redgem.net\/index.php?rest_route=%2Fwp%2Fv2%2Fcategories&post=9974"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/zero.redgem.net\/index.php?rest_route=%2Fwp%2Fv2%2Ftags&post=9974"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}