Additional Info

Company size (employees): 10,000 or more
Headquarters Region: North America


The Digital Security and Risk Engineering (DSRE) team at Microsoft is a global team responsible for keeping all Microsoft data secure from the 21st century’s ever-growing cyber-threats and ensuring compliance with evolving regulations. Microsoft has a robust corporate incident response strategy, as well as sophisticated companywide defenses that combine threat monitoring, vulnerability analysis and control tools. We are helping to solve the most vexing problems in the industry, including improving the shortcomings of passwords by eliminating the need for them, and leading a digital transformation by ensuring security in cloud operations.

Standout programs over the past year include the development of our new, industry-leading supply chain security framework, a best-in-class crisis management program and security improvements to critical development and administrative resources. Also notable is OneHunt, a weeklong crisis simulation event that brings together more than 100 security professionals from Microsoft’s various security organizations at company headquarters. During this exercise, “attackers” are asked to penetrate Microsoft’s defenses and achieve objectives by breaching various systems. The “defenders” are responsible for preventing, detecting and responding to the attackers’ actions. This event has a real impact both internally and externally, as product and service improvements are often made based on practices observed during the drill, and executive and peer briefings are delivered following the exercise so learnings can be shared broadly across internal stakeholder groups.

How we are different

• Supply-Chain Program:
Microsoft developed a new, risk-based supply chain framework based on a “multiple layers of defense” model that can scale to a large supplier base while providing the necessary in-depth assessments to enhance security for Microsoft and its suppliers. Differentiators include the level of oversight on an end-to-end supply chain and the ability to distinguish supply chain pillars (e.g., software, suppliers, hardware). The focus on continuous monitoring via risk profiles and tools instead of relying on annual assessments is unique to Microsoft’s program, as is the access to measurable ROI via risk reduction data.

• Secure Admin Workstation:
Security attacks are becoming more sophisticated in large organizational environments, so companies are adding multilayer security and taking a defense-in-depth approach as they strive to protect their enterprises. One element in Microsoft’s network security strategy is the secure admin workstation (SAW). These limited-use client computers provide secure access to restricted environments and help protect high-risk environments from security risks such as malware, phishing, and pass-the-hash attacks. Microsoft’s SAW program is unique in the industry as it is the first to combine a software solution with a hardware component. This reduces vulnerability to host-based attacks.

• Crisis Management Program:
Microsoft’s Crisis Management Program is best-in-class, including seven crisis management principles to prioritize response and a decision and guidelines matrix identifying the most critical decisions and associated owners. The seven principles are unique to Microsoft, as is the focus placed on them by executives to drive response action and priorities. Microsoft’s program is also differentiated by its scale – we serve a huge variety of customers and our crisis management program must be built to cover every hazard that could impact them. Customers include essential services like hospitals and first responders, so it is critical that we manage crisis response well.