Microsoft is making security its No. 1 priority, CEO Satya Nadella said during the company’s fiscal third quarter earnings call Thursday.
“We launched our Secure Future Initiative last fall for this reason, bringing together every part of the company to advance cybersecurity protection, and we are doubling down on this very important work, putting security above all else — before all other features and investments,” Nadella said during the call.
Microsoft has come under heavy scrutiny from the federal government and private sector over the security of its products and overall customer trust, following recent attacks by state-linked Midnight Blizzard and a federal Cyber Safety Review Board report on the 2023 Microsoft Exchange compromise.
Nadella said Microsoft is focused on making progress on the six pillars of the Secure Future Initiative as the company works to:
- Protect tenants and isolate production systems
- Protect identities and secrets
- Protect networks
- Protect engineering systems
- Monitor and detect threats
- Accelerate response and remediation
Nadella said the company remains committed to sharing its learnings, tools and innovation with customers.
The comments come just weeks after the CSRB issued a blistering report on the company’s response to the summer 2023 compromise of Microsoft Exchange Online.
The CSRB found the attack, traced to a threat group affiliated with the People’s Republic of China, was entirely preventable. The board blamed major weaknesses in Microsoft’s corporate culture that prioritizes product features and speed to market over product security.
The hackers stole about 60,000 emails from the U.S. State Department and gained access to the account of Commerce Secretary Gina Raimondo, among other high profile users who were compromised.
Separately, the Cybersecurity and Infrastructure Security Agency earlier this month issued a directive ordering federal civilian executive branch agencies to reset credentials and check their systems for evidence of compromise. The Russia-linked threat group Midnight Blizzard had intercepted credentials and other information between Microsoft and some of its customers.