Microsoft Security Academy

Learn about Microsoft’s Secure Future Initiative

The Secure Future Initiative (SFI) is a multiyear initiative to evolve the way we design, build, test, and operate our products and services, to achieve the highest possible standards for security.

Read about our progress improving our security culture, governance, standards, and principles from the newly released SFI Progress Report.📢

Table of Contents

This page is organized by SFI’s six key pillars, each representing a critical area of cybersecurity focus.

Protect identities and secrets

Protect identity infrastructure signing and platform keys with rapid and automatic rotation (e.g., HSMs)

Training
Configure and manage secrets in Azure Key Vault
Plan, implement, and manage governance for security
Advance your security posture with Microsoft Intune
Protect infrastructure with Zero Trust

Ensure 100% of user accounts are protected with securely managed, phishing-resistant MFA

Training
Secure Microsoft Entra users with MFA
Understand Microsoft 365 Identity and Access management
Securing you: Basics and beyond

Ensure 100% of applications are protected with system-managed credentials (e.g., Managed Identity, Managed Certificates)

Training
Manage application access in Microsoft Entra ID
Design solutions for securing applications

Adopt more fine-grained partitioning of identity signing keys and platform keys

Training
Key management in Azure

Ensure identity and public key infrastructure (PKI) systems are ready for post-quantum cryptography

Training
NIST Releases First 3 Finalized Post-Quantum Encryption Standards

Back to Table of Contents

---

Protect tenants

Maintain the security posture and commercial relationships of tenants by removing all unused, aged, or legacy systems

Training
Security posture management in hybrid and multicloud environments
Evaluate security posture of existing application portfolios

Protect 100% of acquired and employee-created tenants, commerce accounts, and tenant resources

Training
Secure tenant administration

100% of applications and users have continuous least-privilege access enforcement

Training
Securing privileged access

Manage 100% of Microsoft Entra ID applications to a high, consistent security bar

Training
Identity and Access management

Back to Table of Contents

---

Protect networks

Secure 100% of production networks and systems connected to the networks by improving isolation, monitoring, inventory, and secure operations

Training
Protect network resources
Other threat protections in Microsoft Defender for Cloud
Use asset inventory to manage your resources’ security posture
Cloud security posture management (CSPM)
Understanding just-in-time (JIT) VM access

Apply network isolation and microsegmentation to 100% of production environments, creating additional layers of defense against attackers

Training
Secure and govern workloads with network-level segmentation
Azure guidance for secure isolation
What is Azure Firewall?
Advanced Azure Kubernetes Service (AKS) microservices architecture
Secure networks with Zero Trust

Enable customers to easily secure their networks and isolate resources in the cloud

Training
Isolation in the Azure Public Cloud
Azure Network Security
Azure best practices for network security
Tutorial: Filter network traffic with a network security group (NSG) using the Azure portal
Deploy and configure Azure Firewall using the Azure portal

Back to Table of Contents

---

Protect engineering systems

Build and maintain inventory for 100% of the software assets used to deploy and operate Microsoft products and services

Training
Evaluate security posture of existing application portfolios

100% of access to source code and engineering systems infrastructure is secured through Zero Trust and least-privilege access policies

Training
Secure access for workload identities

100% of source code that deploys to production environments is protected through security best practices

Training
Design and implement standards to secure application development

Secure development, build, test, and release environments with 100% standardized, governed pipelines and infrastructure isolation.

Training
Introduction to Secure DevOps
DevOps Security Management
Connect Azure DevOps environments to Microsoft Defender for Cloud

Back to Table of Contents

---

Monitor and detect threats

Maintain a current inventory across 100% of production infrastructure and services

Training
What is Microsoft Defender Vulnerability Management (MDVM)

Retain 100% of security logs for at least two years and make six months of appropriate logs available to customers

Training
Manage audit log retention policies
Audit in Microsoft Purview

Automatically detect and respond to anomalous access, behaviors, and configurations across 100% of production infrastructure and services

Training
Threat protection with Microsoft Defender XDR
Embedded experiences of Microsoft Copilot for Security

Back to Table of Contents

---

Accelerate response and remediation

Reduce the Time to Mitigate for high-severity cloud security vulnerabilities with accelerated response

Training
Manage and respond to security alerts
Automate remediation responses
View and remediate findings from vulnerability assessments on your VMs
Security Control: Incident response
Ingest Microsoft Defender for Cloud alerts to Microsoft Sentinel
Embedded experiences of Microsoft Copilot for Security

Increase transparency through the adoption and release of Common Weakness Enumeration™ (CWE™), and Common Platform Enumeration™ (CPE™)

Training
Enable vulnerability scanning with Microsoft Defender Vulnerability Management
Automatically configure vulnerability assessment for your machines
Security alerts – Reference Guide
Track and respond to emerging threats through threat analytics

Improve the accuracy, effectiveness, transparency, and velocity of public messaging and customer engagement

Training
Secure score in Microsoft Defender for Cloud
Improve regulatory compliance
Automate remediation responses
Set up continuous export in the Azure portal

Back to Table of Contents

---