Building on the momentum of our initial launch of the Microsoft Secure Future Initiative (SFI) patterns and practices, this second installment continues our commitment to making security implementation practical and scalable. The first release introduced a foundational library of actionable guidance rooted in proven architectures like Zero Trust. Now, we’re expanding that guidance with new examples that reflect our ongoing learnings—helping customers and partners understand our strategic approach more deeply and apply it effectively in their own environments.
This next set of SFI patterns and practices articles includes practical, actionable guidance built by practitioners, for practitioners, in the areas of network, engineering systems, and security response. Each of the six articles includes details on how Microsoft has improved our security posture in each area so customers, partners, and the broader security community can do the same.
Pattern name | SFI Pillar | What it helps you do |
--- | --- | --- |
Network isolation | Protect networks | Contain breaches by default. Strongly segment and isolate your network (through per-service ACLs, isolated virtual networks, and more) to prevent lateral movement and limit cyberattackers if they get in. |
Secure all tenants and their resources | Protect tenants and isolate systems | Help eliminate “shadow” tenants. Apply baseline security policies, such as multifactor authentication (MFA), Conditional Access, and more, to every cloud tenant and retire unused ones, so cyberattackers can’t exploit forgotten, weakly-secured environments. |
Higher security for Entra ID apps | Protect tenants and isolate systems | Close identity backdoors. Enforce high security standards for all Microsoft Entra ID (Azure AD) applications—removing unused apps, tightening permissions, and requiring strong authorization—to block common misconfigurations cyberattackers abuse for cross-tenant attacks. |
Zero Trust for source code access | Protecting engineering systems | Secure the dev pipeline. Require proof-of-presence MFA for critical code commits and merges to help ensure only verified developers can push code and stop cyberattackers from surreptitiously injecting changes. |
Protect the software supply chain | Protecting engineering systems | Lock down builds and dependencies. Govern your continuous integration and continuous delivery (CI/CD) pipelines and package management—use standardized build templates, internal package feeds, and automated scanning to block supply chain cyberattacks before they reach production. |
Centralize access to security logs | Monitoring and detecting threats | Speed up investigations. Standardize and centralize your log collection (with longer retention) so that security teams have unified visibility and can detect and investigate incidents faster—even across complex, multi-cloud environments. |
Just as software design patterns provide reusable solutions to common engineering problems, SFI patterns and practices offer repeatable, proven approaches to solving complex cybersecurity challenges. Each pattern is crafted to address a specific security risk (such as legacy infrastructure or inconsistent CI/CD pipelines) and is grounded in Microsoft’s own experience. Like design patterns in software architecture, these security patterns are modular, extensible, and built for reuse across diverse environments.
Additionally, each pattern in the SFI patterns and practices library follows a consistent and purposeful structure. Every article begins with a pattern name—a concise handle that captures the essence of the cybersecurity challenge. The problem section outlines the security risk and its real-world context, helping readers understand why it matters. The solution describes how Microsoft addressed the issue internally. The guidance section provides practical recommendations that customers can consider applying in their own environments. Finally, the implications section outlines the outcomes and trade-offs of implementing the pattern, helping organizations anticipate both the benefits and the operational considerations.
This structure offers a framework for understanding, applying, and evolving security practices.
Security is a journey, and Microsoft is committed to sharing our insights from SFI. Watch for more actionable advice in coming months. SFI patterns and practices provide a roadmap for putting secure architecture into practice. Embracing these approaches enables organizations to advance their security posture, minimize deployment hurdles, and establish environments that are secure by design, by default, and in operations.
To get access to the full library, visit our new SFI patterns and practices webpage. And check out the new SFI video on our redesigned website to hear directly from Microsoft leadership about how we are putting security above all else.
Talk to your Microsoft account team to integrate these practices into your roadmap.
To learn more about Microsoft Security solutions, visit our website. Bookmark the Security blog to keep up with our expert coverage on security matters. Also, follow us on LinkedIn (Microsoft Security) and X (@MSFTSecurity) for the latest news and updates on cybersecurity.