Summary: Microsoft has completed a significant overhaul of its security infrastructure by migrating all Microsoft Account and Entra ID token-signing keys to hardware security modules and Azure confidential VMs, aiming to prevent key-theft attacks. The company has made substantial progress on its Secure Future Initiative, focusing on improved security measures and multi-factor authentication. These developments come in response to a high-profile breach attributed to a Chinese hacking group that exploited stolen credentials.
Affected: Microsoft
Keypoints :
- All Microsoft Account and Entra ID token-signing keys have been moved to hardware security modules or Azure confidential VMs.
- Over 90% of internal productivity accounts have adopted phishing-resistant multi-factor authentication.
- Microsoft has made significant strides in its Secure Future Initiative, with five objectives near completion and ongoing improvements to mitigate past attack vectors.
- 6.3 million dormant Azure tenants have been purged to enhance security for cloud tenants.
- 88% of active resources have migrated to Azure Resource Manager for better policy enforcement.
- Microsoft has faced criticism for its handling of third-party vulnerability research and continues to address ongoing cybersecurity challenges.