David Weston, Corporate Vice President, Enterprise and OS Security at Microsoft, Windows Experience Blog
https://blogs.windows.com/windowsexperience

Security leadership in the age of constant disruption
https://blogs.windows.com/windowsexperience/2025/08/05/security-leadership-in-the-age-of-constant-disruption/
Tue, 05 Aug 2025 19:00:16 +0000

The next wave of innovation is already here: AI, quantum computing, intelligent agents and other emerging technologies are beginning to transform how organizations operate. But with transformation comes a sharp rise in risk. For today’s busine

if disruption will impact your organization’s security; it’s how fast you can adapt. Security is no longer just a technical function; it’s a strategic business imperative. Executives must both anticipate and prevent potential risk by investing in technology and best practices that will advance in parallel with the latest threat exposure. To stay competitive and protected, organizations must act now. Inaction carries tangible consequences, while building a resilient, forward-looking security program—one that can absorb disruption and adapt to change—can serve as a true business differentiator.

I see this every day in my role leading the operating system security group at Microsoft, where we’re building new security technologies for our different operating systems. Below, I outline five major shifts already redefining the security landscape, and the actions executives can take today to build security structures that are agile, protected and prepared.

https://www.youtube.com/watch?v=ccpXNBsTaGk

Five security shifts that will define the next decade

Digital advancements and the democratization of technology will have major implications and impact on security programs. Organizations that want to remain high performing while protecting themselves from evolving threats should begin preparing for the following trends.

AI agents will boost productivity—but multiply risk

Utopian predictions for a future of work where AI agents execute business processes alongside or on behalf of individuals, teams or entire organizations are no longer theoretical. Agent capability is already here. In the next five years, agents will be fully integrated into our daily lives, amplifying productivity and seamlessly interacting on our behalf. This shift will have a profound impact on organizations, driving higher productivity and greater job satisfaction. I envision a future where agents will take on the tasks people find tedious or time consuming, freeing them to focus on work that demands human strengths: ideation, creativity, vision and connecting with people. These agents will also play a role in managing and automating aspects of security.

While agents will help improve the overall productive output of your organization, the use of agents by bad actors may introduce new security risks to your program. I recently addressed the importance of securing Model Context Protocol (MCP) implementations at Build, as it is an area increasingly targeted by attackers.

C-suite action to take: As you reconfigure your workforce to include AI agents, build parallel security structures that leverage the same agentic capabilities to defend against a broader and more complex landscape.

Cyber-physical agents will expand the security perimeter

As AI systems begin to govern physical environments (controlling everything from door locks to vehicle operations to entire factory floors), the security perimeter will extend beyond the digital realm. This evolution of AI systems embedded in physical systems introduces new risks and potential targets for manipulation or disruption. The convergence of digital and physical systems means that a breach in one domain can have real-world consequences for the other. Security strategies must evolve to account for this expanded threat landscape, ensuring that physical systems are as protected as their digital counterparts.

C-suite action to take: Integrate physical security into your broader cybersecurity strategy. Invest in systems that can monitor, verify and defend physical AI environments, and ensure your supply chain is secure end-to-end.

Quantum will create retro threats and require specific protective technology

Quantum computing is no longer a distant possibility; it’s a rapidly approaching reality. Once quantum systems reach the 1 million qubits threshold, they’ll have the power to break today’s most widely used cryptographic algorithms. This will fundamentally alter the security landscape. The threat isn’t just future-facing. Adversaries can collect encrypted data now and decrypt it later, once quantum capabilities are available. This retroactive risk makes it critical to begin transitioning to quantum-safe encryption today.

C-suite action to take: Prioritize investment in post-quantum cryptography. Begin assessing your organization’s cryptographic dependencies and developing a roadmap to upgrade systems before quantum threats become real.

AI-enabled workforces will reshape talent … and risk

AI is transforming how we work. In the next three to five years, individuals will lead their own virtual teams, powered by AI agents tasked with a variety of roles. This shift will redefine productivity and talent models across industries. But as AI expands the workforce, it also expands the attack surface. Security teams must prepare for a world where both defenders and attackers are augmented by AI. The opportunities lie in using AI to strengthen defenses, automate threat detection and accelerate response.

The implications for improving security are real. Blue teams (those responsible for defending against simulated or real-world attacks) will increasingly rely on virtual assistants to collect, analyze and enrich data. These AI-powered teammates will enhance log analysis, streamline patch management and elevate threat intelligence. This level of support could be available within the next 18 months, accelerating both the speed and precision of security operations.

C-suite action to take: Foster collaboration between HR and IT to support AI-augmented work models. Build a security program that leverages AI for prevention, detection and resilience, so that your workforce is both empowered and protected.

Hardware-level security will reduce threats and require system upgrades

One significant shift already underway is the migration to an appliance or hardware-level security model. By embedding security directly into physical components, whether in endpoint devices or network appliances, organizations can reduce reliance on software patches and improve baseline protection. This is especially important as legacy edge devices, like routers, printers and VPN appliances, become common targets. Many of these systems run outdated software and lack modern protections. Modern appliances, however, are increasingly equipped with built-in security features such as secure boot, firmware validation and hardware-based isolation, offering a path to stronger, more reliable defenses.

C-suite action to take: Plan for system-wide hardware and firmware upgrades, moving the devices to a separate isolated network to ensure security at the appliance level. This investment will enhance prevention capabilities and reduce the burden on detection and response systems, ensuring that critical infrastructure is protected at every layer.

Five security strategies to build future-ready security

To stay ahead of evolving threats, organizations must act decisively. These five strategies can help you build a resilient, future-ready security program.

Track and secure reliable software and hardware supply chains

Today’s supply chains are interconnected, global and increasingly vulnerable to geopolitical and technological disruption. Threat actors are already targeting hardware and software at the source, implanting malicious components or degrading cryptographic strength during the build process. To stay ahead, organizations must gain full visibility into their supply chains. Know where your most critical components come from, and which ones are the most sensitive to disruption. This level of insight will be difficult to achieve, but starting now will ensure your organization is proactive in this important line of defense.

Invest in attack prevention, not detection, as a primary strategy

Detection tools are essential, but they often come into play after a breach has occurred. Prevention, on the other hand, narrows the threat landscape from the outset. Modern infrastructure, especially hardware-based security, can help you stop attacks before they start. By investing in prevention-first strategies, like Zero Trust or data protection, you reduce the volume of threats that require detection and response, allowing teams to focus on what matters most.

Leverage agentic AI to prepare for—and counter—modern threats

Attackers are already using AI to scale and evolve their tactics. Your defense must do the same. Agentic AI can serve as a virtual member of your security team, auditing your network, analyzing logs and identifying anomalies in real time. For organizations with limited security staff or budget, agentic AI offers a force multiplier. It’s not just a tool, but a strategic asset that can help you match the speed and sophistication of modern adversaries.

Invest in mechanisms that track and ensure source integrity

As generative AI accelerates, the ability to verify what’s real, and what’s not, will become a core security function. Deepfakes are already being used to impersonate executives and manipulate communications. In the next 24 months, we anticipate seeing real-time video deepfakes enter the mainstream. Every synthetic asset leaves a trace or some noise in the signal. Your job is to detect it. Look for tools that implement provenance standards and are able to verify the authenticity of content, code and communications.

Mandate consistent security hygiene protocols

Security hygiene may not be flashy, but it’s foundational. Regular patching, no-password authentication, password rotation and disciplined threat monitoring are still your best defense against many common attacks. Empower your teams to treat hygiene as a strategic priority. The fundamentals haven’t changed, and they’ll carry you forward as the threat landscape evolves.

Move from risk to resilience with proven frameworks and strategies

Microsoft supports several initiatives designed to make all digital environments touched by Microsoft products more secure and resilient to incidents. If you’re interested in learning more about how to support and expand a security program that positions your organization for future success, look to these initiatives and strategies. They include:
  • Secure Future Initiative (SFI) is a multi-year commitment by Microsoft to continue to build security into our products, services and operations. The goal is to enhance the design, building, testing and operation of technology to meet the highest possible standards for security.
  • Windows Resiliency Initiative (WRI) is a Microsoft initiative that focuses on preventing, managing and recovering from security and reliability incidents, mitigating issues quickly if they arise and facilitating seamless recovery across the Windows platform. WRI includes the ability to recover systems remotely and is part of a continual effort to make Windows the most resilient and secure open OS platform.
  • Microsoft Virus Initiative (MVI) is a partner program with other independent software vendors that provides anti-malware solutions. Microsoft collaborates with MVI partners to define and follow Safe Deployment Practices (SDP), incident response and the development of new platform capabilities in Windows 11.
  • Zero Trust is a security strategy and approach that requires verifying explicitly, using least privileged access and assuming a breach. The framework was created to help organizations reduce security vulnerabilities with expanded visibility across their digital environments, risk-based access controls and automated policies.

Act now to secure your future

We’re entering a new era of disruption, driven by AI, quantum and other transformative technologies. The organizations that thrive will be those that act now to modernize their security programs. Build a strategy that is proactive, resilient and aligned to your business goals. The future is coming fast. Make sure your security program is ready for it.

Learn more about security leadership in the age of disruption:

The Windows Resiliency Initiative: Building resilience for a future-ready enterprise
https://blogs.windows.com/windowsexperience/2025/06/26/the-windows-resiliency-initiative-building-resilience-for-a-future-ready-enterprise/
Thu, 26 Jun 2025 16:00:09 +0000

Resilience isn’t optional—it’s a strategic imperative.

In today’s threat landscape, organizations can’t afford to treat resilience as a reactive measure. It must be built into the foundation of how systems are designed, secured and managed

Windows Resiliency Initiative (WRI)—a focused effort to embed resilience and security into the Windows platform itself. Announced at Ignite, WRI is an initiative designed to make all digital environments touched by Microsoft products more secure and resilient. WRI prioritizes preventing, managing and recovering from security and reliability incidents, mitigating issues swiftly and providing seamless recovery across the Windows platform. WRI outlines Microsoft’s commitment to helping organizations prevent, withstand and recover from disruptions. This includes three core areas: ecosystem collaboration, actionable guidance and product innovation.

Ecosystem collaboration and learning with partners to evolve the Windows ecosystem

In September 2024, we hosted the Windows Endpoint Security Ecosystem Summit (WESES), bringing together a diverse group of endpoint security vendors and global government officials to discuss strategies for improving resiliency and protecting our mutual customers. We recognized our shared responsibility to enhance resilience by openly sharing information about how our products function, handle updates and manage disruptions. Since the summit, we've continued this close collaboration with Microsoft Virus Initiative (MVI) partners to gather feedback and iterate on Windows platform capabilities to achieve the goal of enhanced reliability without sacrificing security. As a part of this evolution, our MVI 3.0 program requires partners to commit to taking specific actions to improve the security and reliability of Windows. Requirements include testing incident response processes and following safe deployment practices (SDP) for updates to Windows endpoints. Security product updates must be gradual, leverage deployment rings and leverage monitoring to minimize negative impacts. These practices complement our platform investments, enabling us to deliver greater stability, faster recovery and reduced operational risk for enterprise customers who rely on a secure and reliable Windows environment. Next month, we will deliver a private preview of the Windows endpoint security platform to a set of MVI partners. The new Windows capabilities will allow them to start building their solutions to run outside the Windows kernel. This means security products like anti-virus and endpoint protection solutions can run in user mode just as apps do. This change will help security developers provide a high level of reliability and easier recovery resulting in less impact on Windows devices in the event of unexpected issues. We will continue to collaborate deeply with our MVI partners throughout the private preview. Here are some insights from MVI partners that provide further perspective:

Bitdefender: “Bitdefender is pleased to collaborate with Microsoft to redefine how security is delivered to Windows users. Through the Windows Resiliency Initiative and development of the Windows endpoint security platform, our teams have worked together to modernize the security architecture—creating a resilient, forward-looking foundation that enhances protection against evolving threats while maintaining a seamless user experience. This initiative reflects our shared commitment to advancing industry standards and delivering secure, high-performing Windows environments for customers everywhere.” — Florin Virlan, SVP, Product and Engineering at Bitdefender Customer Solutions Group.

CrowdStrike: “We spoke at WESES last year to emphasize the importance of our industry coming together and, since then, have seen significant customer interest in the progress toward greater platform resiliency. Through this collaboration, we’ve driven substantial improvements to the planned capabilities for the Windows endpoint security platform, paving the way for a more integrated high-performing security solution. With the introduction of MVI 3.0, we’ve successfully met all the new standards and recognize how these rigorous requirements strengthen the overall ecosystem. We remain fully committed to developing a Windows endpoint security platform-ready product and look forward to leveraging these new capabilities as Microsoft releases them.” — Alex Ionescu, Chief Technology Innovation Officer, CrowdStrike. 

ESET: “The collaboration between ESET and Microsoft technology teams on the proposed Windows endpoint security platform changes continue to be productive with open and ongoing dialogue. Delivering a stable and resilient operating system environment is extremely important for our joint customers, and the ESET team continue to provide detailed feedback to help ensure there is no degradation in the security or performance currently enjoyed by our customers. The increased requirements to maintain MVI membership complement the Windows endpoint security platform, requiring the documentation and adoption of resilient processes to help ensure any incident is either avoided or managed both efficiently and expediently. ESET are committed to the important evolution of both the MVI partnership and the engineering collaboration with Microsoft, something we have valued for several decades.”—Juraj Malcho, Chief Technology Officer, ESET

SentinelOne: “SentinelOne is pleased to be collaborating with Microsoft to drive a more resilient approach to delivering endpoint protection products on Windows. As a security-first company, we understand that every vendor must live up to stringent engineering, testing and deployment standards and follow software development and deployment best practices. SentinelOne has followed these processes for years and we appreciate the opportunity to provide input to Microsoft and shape changes that can drive better outcomes for our shared customers.” — Stefan Krantz, SVP and Head of Engineering, SentinelOne

Sophos: “Sophos has been a close collaborator with Microsoft on the Windows endpoint security platform since the Windows Endpoint Security Ecosystem Summit last September, and we’re enthusiastic about the advancements introduced with MVI 3.0. This evolution underscores Microsoft’s thoughtful approach to equity among its security partners and its ongoing commitment to a resilient and secure ecosystem, which aligns perfectly with Sophos’ dedication to responsible multi-stage software release practices. By establishing MVI 3.0 as a standard for the Windows security ecosystem, we believe the entire industry, vendors and customers alike, will benefit from stronger, more stable protection. We look forward to deepening our partnership with Microsoft and continuing to deliver advanced endpoint security capabilities to protect our shared customers.” — John Peterson, Chief Development Officer, Sophos

Trellix: “We have a long and trusted partnership with Microsoft, and will keep working closely with the Windows endpoint security platform program as it is nurtured and scaled. Over the last year, we have worked with Microsoft to ensure that our processes and products continue to meet stringent requirements and have engaged with feedback and recommendations to improve operational resilience. Safe deployment practices and transparency advance our entire industry and strengthen cybersecurity outcomes for all.” — Jim Treinen, SVP, Engineering, Trellix

Trend Micro: “Our collaboration with Microsoft on the Windows endpoint security platform reflects a shared commitment to more resilient enterprise security. We’ve contributed across technical validation and MVI 3.0 alignment, ensuring the platform is ready for real-world deployment. Just as important, we see the Windows endpoint security platform supporting a more integrated and resilient security model, where platform and protection work together to meet the evolving needs of modern enterprise.” — Rachel Jin, Chief Enterprise Platform Officer, Trend Micro

WithSecure: “WithSecure is proud to be part of Microsoft’s Windows Resiliency Initiative, a collaborative effort to strengthen the Windows ecosystem. Our team has worked diligently to help meet the MVI 3.0 requirements, including improving our safe deployment practices resulting in reduced risk for our customers and partners. Through deep technical collaboration with Microsoft, we’re making Windows more secure, resilient and easier for security vendors to integrate with. As new Windows endpoint security platform capabilities emerge, WithSecure is excited to leverage them to help our customers stay ahead of evolving threats. We look forward to the many security-enhancing opportunities this collaboration will bring.” — Johannes Rave, Lead Architect of XDR at WithSecure

Actionable guidance to build organizational resilience: Introducing the Windows Resiliency Initiative e-book

Today, we are happy to introduce the Windows Resiliency Initiative e-book, one result of our commitment to provide guidance for others building organizational resiliency. The e-book is a resource that helps organizations understand how Windows provides foundational practices, strategies and tools to build resilience and embrace a resilience-focused strategy across their IT platform.

Product innovation to support resiliency on the Windows platform

As an outcome of WRI, organizations can look forward to several new Windows product innovations to support them in their journeys to build infrastructures that can rapidly adapt as needed while maintaining a foundation of resilience. Consider adding these capabilities to your digital repertoire.

Now it’s easier than ever to navigate unexpected restarts and recover faster

A key trait of a resilient organization is the ability to maintain productivity and minimize disruptions. But when unexpected restarts occur, they can cause delays and impact business continuity. This is why we are streamlining the unexpected restart experience. We are also adding quick machine recovery, a recovery mechanism for PCs that cannot restart successfully. This change is part of a larger continued effort to reduce disruption in the event of an unexpected restart. The Windows 11 24H2 release included improvements to crash dump collection which reduced downtime during an unexpected restart to about two seconds for most users. We’re introducing a simplified user interface (UI) that pairs with the shortened experience. The updated UI improves readability and aligns better with Windows 11 design principles, while preserving the technical information on the screen for when it is needed.

[Figure: The new Windows 11 unexpected restart screen. A black screen with a Windows stop code and a short message to the user that Windows is restarting imminently.]

The simplified UI for unexpected restarts will be available starting later this summer on all Windows 11, version 24H2 devices.

In the case of consecutive unexpected restarts, devices can get stuck in the Windows Recovery Environment (Windows RE), impacting productivity and often requiring IT teams to spend significant time troubleshooting and restoring affected devices. This is where quick machine recovery (QMR) can help. When a widespread outage affects devices from starting properly, Microsoft can broadly deploy targeted remediations to affected devices via Windows RE—automating fixes with QMR and quickly getting users to a productive state without requiring complex manual intervention from IT.

We are excited to announce QMR will be generally available later this summer together with the renewed unexpected restart functionality.
QMR supports all editions of Windows 11, version 24H2 devices. It is enabled by default for Windows 11 Home devices; IT admins will be in full control and can enable it on devices running Windows 11 Pro and Enterprise. Later this year, Microsoft will release additional capabilities for IT teams to customize QMR.

Microsoft Connected Cache saves internet bandwidth

With today’s interconnected work ecosystems, reliable internet bandwidth has become essential for organizations seeking resiliency through a cloud-native approach to device management. Case in point: When all devices in a system simultaneously attempt to download updates, an organization’s network bandwidth, especially in branch offices, can be negatively impacted. Microsoft Connected Cache can help organizations improve their bandwidth when performing upgrades to Windows 11, Windows Autopilot device provisioning, Microsoft Intune application installations and Windows Autopatch monthly updates. Connected Cache will be generally available in the coming weeks. Internet bandwidth is saved when Connected Cache nodes transparently and dynamically cache the Microsoft-published content that downstream Windows devices need to download. Using this solution, content requests from Delivery Optimization can be served by the locally deployed Connected Cache node instead of the cloud. This results in fast, bandwidth-efficient delivery across connected devices.

Introducing Universal Print anywhere: Print securely, flexibly and confidentially

Organizational resilience is a holistic concept that extends to printer systems, including third-party drivers that, while often essential to operations, can be an exposure point. Universal Print anywhere, also known as “pull print,” enables users to securely release their printing request from anywhere in the organization to any authorized printer. Building on the existing secure release with QR code functionality (enabled with the Microsoft 365 mobile app), users can print using the Windows Protected Print infrastructure, without having to choose a printer in advance. This sequence helps ensure that confidential documents aren't left on the printer for unauthorized viewing and minimizes toner and paper waste from uncollected print jobs. This Universal Print update provides additional IT control with a feature that allows administrators to configure print options for a printer share. This means end users will only be able to view options selected by the administrator.

Get updates without interruption, thanks to hotpatching

A hotpatch update installs important Windows security updates once a month without needing to restart—quickly securing without disrupting workflow. It’s simple to use and included with Windows Autopatch. If your devices meet the prerequisites, you can opt devices in (or out) for automated deployment through Windows Autopatch. To learn more, visit the hotpatch blog. Devices that don’t qualify will still receive regular security updates to help ensure protection.

Windows 365 Reserve: Maintain business continuity with instant Cloud PC access

Device disruptions, due to loss, theft, delays or malfunctions, can be inconvenient and disruptive to productivity. That’s why Microsoft just announced Windows 365 Reserve, a new offer to help organizations mitigate the risk of downtime. Windows 365 Reserve provides easy, secure access to a temporary, pre-configured Cloud PC, which can be accessed across devices when a user’s primary device is not available. With Windows 365 Reserve, organizations can build a more resilient and secure IT infrastructure, especially in the case of a security incident, lost or stolen devices, or an inability to access your physical device, for whatever reason. Windows 365 Reserve will soon be available for preview. Complete this form or contact your Microsoft account team to express interest in participating in the preview of Windows 365 Reserve.

Prepare for a digital future with resiliency as the foundation

Building organizational resilience is a necessary strategic imperative as we move into a new age of digital capabilities—and risk. Organizations equipped with strategies, best practices and tools that will support their ability to maintain operations as they anticipate, prepare for, respond to and recover from disruptions are more likely to thrive and remain competitive within today’s complex and interconnected digital ecosystems. Microsoft is here to support you as you build resilience in your security strategy with our WRI commitment to helping organizations prepare for uncertainty, minimize risk and emerge stronger from any challenge.

Consider these helpful links:

Disclaimer: This blog post is for informational purposes only and outlines Microsoft’s current product direction and plans. Product availability, licensing terms and capabilities may vary by region and are subject to change. All third-party trademarks are the property of their respective owners.

Editor’s note – June 27, 2025 – A quote from Sophos was added.

Securing the Model Context Protocol: Building a safer agentic future on Windows
https://blogs.windows.com/windowsexperience/2025/05/19/securing-the-model-context-protocol-building-a-safer-agentic-future-on-windows/
Mon, 19 May 2025 16:00:35 +0000

As AI agents become more capable and integrated into daily workflows, the need for secure, standardized communication between tools and agents has never been greater. At Microsoft Build 2025, we’re announcing an early preview of how Windows 11 is e

What is MCP?

MCP is a lightweight, open protocol — essentially JSON-RPC over HTTP — that allows agents and applications to discover and invoke tools in a standardized way. It enables seamless orchestration across local and remote services, allowing developers to build once and integrate everywhere. MCP defines three roles:
  • MCP Hosts: Applications like VS Code, or other AI tools that want to access capabilities via MCP.
  • MCP Clients: Clients that initiate requests to MCP servers.
  • MCP Servers: Lightweight services that expose specific capabilities (e.g., file system access, semantic search, app actions) through the MCP interface.

Windows 11 will support developers who want to use MCP and generative AI capabilities to build intelligent applications that can, where appropriate, leverage MCP to take actions on behalf of the user. We will provide an early preview of the MCP platform capabilities to developers in the coming months for the purposes of feedback.

Why security matters

MCP opens up powerful new possibilities — but also introduces new risks. Without strong controls, an MCP server could, for example, expose sensitive functionality, be misconfigured to allow remote access, or be exploited through many forms of attack, including new ones such as prompt injection or tool poisoning. From a security perspective, the input and training data for an LLM are considered untrusted. In addition, cross-prompt injection can enable attackers to include untrusted prompt data and complete a confused deputy attack. In a simple chat app, the implications of a prompt injection could be a jailbreak or leakage of memory data; with MCP, the implications could be full remote code execution — the highest severity attack. We’ve used internal and external security research to identify several emerging threat vectors that need to be accounted for in a secure agentic architecture:
  • Cross-Prompt Injection (XPIA): Malicious content embedded in UI elements or documents can override agent instructions, leading to unintended actions like data exfiltration or malware installation.
  • Authentication Gaps: MCP’s current standards for authentication are new and inconsistently adopted. OAuth is optional, and ad-hoc approaches are emerging.
  • Credential Leakage: Agents running with full user privileges risk exposing sensitive tokens or credentials.
  • Tool Poisoning: Unvetted or low-quality MCP servers may expose dangerous functionality or be used to escalate privileges.
  • Lack of Containment: Without isolation, a compromised agent can affect the entire user session or system.
  • Limited Security Review: Many servers are rapidly developed with minimal security review, increasing the risk of vulnerabilities.
  • Registry and MCP Supply Chain Risks: Without vetting, a public registry of MCP servers could become a vector for malware or abuse.
  • Command Injection: Improperly validated inputs in the MCP server can lead to arbitrary command execution.
The MCP standard and AI-related security are a fast-moving field of research. The goal for Windows 11 as an agentic OS is to provide the strongest fundamental security capabilities while also evolving and adapting to emerging threats.

MCP security architecture in Windows 11

In line with Microsoft’s Secure Future Initiative commitment, security is our top priority as we expand MCP capabilities. The MCP Security Architecture in Windows 11 provides fundamental security capabilities based on the following principles:
  1. Provide a baseline set of security requirements that all MCP server developers must meet to help ensure user safety.
    • Windows 11 seeks to provide an open and diverse ecosystem of servers while keeping user security as the top priority. This means ensuring each server meets security requirements (more information on this below), has a unique identity, and is code signed to enable provenance validation and revocation when necessary.
  2. The user is in control of all security-sensitive operations done on their behalf.
    • When agents work on behalf of the user, their scope and operations must be transparent to the user, and sensitive operations such as modifications to the state of the operating system, data and credential access must be surfaced. All sensitive actions done on behalf of the user must be auditable and transparent.
  3. Principle of least privilege must be enforced to contain the impact of any possible attack on an MCP server.
    • Windows 11 enforces declarative capabilities and isolation (where applicable) for servers to limit the blast radius and impact of attacks on MCP.

MCP security controls

To make good on these promises, Windows 11 will provide the following security controls:
  • Proxy-Mediated Communication: All MCP client-server interactions are routed through a trusted Windows proxy, enabling centralized enforcement of policies and consent. This includes the ability to enforce authentication and authorization in a centralized and consistent manner, addressing one of the top challenges with the MCP protocol. This also enables transparent auditing of all on-behalf-of operations and provides a central point where security solutions can observe and respond to potential attacks.
  • Tool-Level Authorization: Users must explicitly approve each client-tool pair, with support for per-resource granularity, helping to fulfil the principle of keeping the user in control.
  • Central Server Registry: Only MCP servers that meet baseline security criteria will be available in the Windows MCP server registry, ensuring discoverability without compromising trust.
  • Runtime Isolation: MCP servers will be required to implement the principle of least privilege, enforced through mechanisms such as isolation and granular permissions. This will put the user in control of what privileges are granted to an MCP server through a declarative model and limit the “blast radius” of any potential attack on a specific MCP server.

MCP Server security requirements

MCP Servers will be required to meet a baseline set of security requirements in order to appear in the Windows 11 MCP server registry, which include:
  1. Mandatory code signing to establish provenance and enable revocation
  2. Servers’ definition of tools cannot be changed at runtime
  3. Security testing of exposed interfaces
  4. Mandatory package identity
  5. Servers must declare privileges they require
These will prevent classes of attack like tool poisoning while also creating an open and diverse ecosystem of MCP servers. More information on these requirements will be available when the developer preview is released. These requirements are subject to change as we learn more through the preview.
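
A conceptual sketch of the proxy-mediated controls and the "tool definitions cannot be changed at runtime" requirement described above, added here as an example; it is not Windows or Microsoft code. The `PolicyProxy` class, its methods, the server and client names and the sample messages are assumptions; only the `tools/list` and `tools/call` method names and the `name`, `description` and `inputSchema` tool fields come from MCP.

```python
import hashlib
import json

# Fields of an MCP tool definition that the model and the user rely on.
PINNED_FIELDS = ("name", "description", "inputSchema")


def tool_fingerprint(tool):
    """SHA-256 over a canonical JSON encoding of the pinned fields."""
    canonical = json.dumps({k: tool.get(k) for k in PINNED_FIELDS},
                           sort_keys=True, separators=(",", ":"))
    return hashlib.sha256(canonical.encode("utf-8")).hexdigest()


class PolicyProxy:
    """Hypothetical mediator between MCP clients and one registered MCP server."""

    def __init__(self, server_id, registered_tools):
        self.server_id = server_id
        # Definitions are pinned once, at registration time.
        self.pinned = {t["name"]: tool_fingerprint(t) for t in registered_tools}
        self.quarantined = set()   # tools whose live definition drifted (sticky)
        self.consent = set()       # (client_id, tool_name) pairs the user approved
        self.audit_log = []        # one record per decision, allow or deny

    def grant(self, client_id, tool_name):
        """Record explicit user approval for one client-tool pair."""
        self.consent.add((client_id, tool_name))

    def _record(self, client_id, tool, decision, reason):
        self.audit_log.append({"server": self.server_id, "client": client_id,
                               "tool": tool, "decision": decision, "reason": reason})

    def filter_tools_list(self, client_id, response):
        """Pass through only registered tools whose definition is unchanged."""
        kept = []
        for tool in response["result"]["tools"]:
            name = tool.get("name") if isinstance(tool, dict) else None
            if not isinstance(name, str) or name not in self.pinned:
                self._record(client_id, name, "drop", "tool not in registration")
            elif tool_fingerprint(tool) != self.pinned[name]:
                self.quarantined.add(name)
                self._record(client_id, name, "drop", "definition changed at runtime")
            else:
                kept.append(tool)
        return {"jsonrpc": "2.0", "id": response["id"], "result": {"tools": kept}}

    def authorize_call(self, client_id, request):
        """Return None to forward a tools/call, or a JSON-RPC error to send back."""
        params = request.get("params")
        tool = params.get("name") if isinstance(params, dict) else None
        if not isinstance(tool, str):
            tool = None
        if request.get("method") != "tools/call":
            reason = "method not mediated by this sketch"
        elif tool not in self.pinned:
            reason = "tool not in registration"
        elif tool in self.quarantined:
            reason = "definition changed at runtime"
        elif (client_id, tool) not in self.consent:
            reason = "no user consent for this client-tool pair"
        else:
            self._record(client_id, tool, "allow", "consented, definition pinned")
            return None
        self._record(client_id, tool, "deny", reason)
        return {"jsonrpc": "2.0", "id": request.get("id"),
                "error": {"code": -32000, "message": reason}}


# Constructed sample data (not captured traffic); all names are hypothetical.
REGISTERED = [
    {"name": "read_file",
     "description": "Read a text file from the user's Documents folder.",
     "inputSchema": {"type": "object", "required": ["path"],
                     "properties": {"path": {"type": "string"}}}},
    {"name": "search_notes",
     "description": "Search the user's notes.",
     "inputSchema": {"type": "object", "required": ["query"],
                     "properties": {"query": {"type": "string"}}}},
]


def demo():
    proxy = PolicyProxy("example.notes-server", REGISTERED)
    proxy.grant("client-A", "read_file")          # user approved exactly this pair
    call = {"jsonrpc": "2.0", "id": 1, "method": "tools/call",
            "params": {"name": "read_file", "arguments": {"path": "todo.txt"}}}
    results = {"consented": proxy.authorize_call("client-A", call),
               "other_client": proxy.authorize_call("client-B", call)}
    # Later the server advertises an altered description and an unregistered tool.
    altered = dict(REGISTERED[0], description="Read a text file. (altered after registration)")
    extra = {"name": "run_command", "description": "Constructed extra tool.",
             "inputSchema": {"type": "object"}}
    listing = {"jsonrpc": "2.0", "id": 2,
               "result": {"tools": [altered, REGISTERED[1], extra]}}
    filtered = proxy.filter_tools_list("client-A", listing)
    results["listed"] = [t["name"] for t in filtered["result"]["tools"]]
    results["after_drift"] = proxy.authorize_call("client-A", call)
    results["audit"] = [entry["decision"] for entry in proxy.audit_log]
    return results


if __name__ == "__main__":
    for key, value in demo().items():
        print(key, "->", value)
```

Because every decision passes through one place, the audit log records the denied calls and dropped tool definitions as well as the allowed call, which is the observation point the proxy design is meant to give defenders.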

Developer preview

Microsoft will provide an early private preview of the MCP server capability post-Microsoft Build to developers only for the purposes of feedback. This private preview may include security capabilities that are not in enforcement mode during the private preview period, which will be enabled before broad availability. Microsoft will provide this private preview to developers and require that devices be in developer mode to ensure only developers with entitlement can leverage it. Secure-by-default enforcement will be part of the overall release to customers.

Looking ahead

Security is not a one-time feature — it’s a continuous commitment. As we expand MCP and other agentic capabilities, we will continue to evolve our defenses. From prompt isolation and dual-LLM validation to runtime policy enforcement and firewall plugins, our roadmap is designed to stay ahead of the threat curve. We are also working with others in the ecosystem such as Anthropic and the MCP Steering Committee to help MCP meet increasing security needs with continued agentic innovation. For more information, see: Microsoft Build 2025: The age of AI agents and building the open agentic web.

At Microsoft, we believe that trust is the foundation of innovation. By building security into the core of our agentic platform, the future of AI on Windows is not just powerful — but safe.
Windows security and resiliency: Protecting your business https://blogs.windows.com/windowsexperience/2024/11/19/windows-security-and-resiliency-protecting-your-business/ Tue, 19 Nov 2024 13:30:34 +0000 https://blogs.windows.com/windowsexperience/?p=179191 At Microsoft, security is our top priority, and with every release, Windows becomes even more secure. At Ignite 2024, we will highlight new Windows security innovations that will provide the clarity and confidence our customers and organizations requ

Secure Future Initiative (SFI) — our commitment to making security foundational in everything we do at Microsoft. Since launching SFI, we’ve focused the equivalent of 34,000 full-time engineers on the highest-priority security challenges. The November update dives into insights across all aspects of SFI as well as learnings that customers can implement to strengthen their own security posture. Explore the latest insights and best practices in our November update.

Security and Resiliency: Our Top Priority

Protecting your organization’s data from emerging threats and ensuring system integrity is paramount. Windows 11 raises the bar for security and reliability, while maintaining the Windows open ecosystem where customers and partners innovate freely. We are committed to ensuring that Windows remains the most reliable and resilient open platform for our customers. As part of this commitment, we are introducing the Windows Resiliency Initiative, covering four areas of focus:
  • Strengthening reliability based on learnings from the incident we saw in July.
  • Enabling more apps and users to run without admin privileges.
  • Stronger controls for what apps and drivers are allowed to run.
  • Improved identity protection to prevent phishing attacks.
Empowering IT administrators with great tools during critical times is a top priority. Our first step is born out of the learnings from the July incident with the announcement of Quick Machine Recovery. This feature will enable IT administrators to execute targeted fixes from Windows Update on PCs, even when machines are unable to boot, without needing physical access to the PC. This remote recovery will unblock your employees from broad issues much faster than what has been possible in the past. Quick Machine Recovery will be available to the Windows Insider Program community in early 2025.

We are evolving our partnership with endpoint security partners who you rely on to keep your employees safe as part of the Microsoft Virus Initiative (MVI). Together, we will adopt Safe Deployment Practices, which means that all security product updates must be gradual and leverage deployment rings as well as monitoring to ensure any negative impact from updates is kept to a minimum.

To help our customers and partners increase resilience, we are developing new Windows capabilities that will allow security product developers to build their products outside of kernel mode. This means security products, like anti-virus solutions, can run in user mode just as apps do. This change will help security developers provide a high level of security and easier recovery, with less impact to Windows in the event of a crash or mistake. A private preview will be made available for our security product ecosystem in July 2025. And, in alignment with the Secure Future Initiative, we are adopting safer programming languages, gradually moving functionality from C++ implementation to Rust.

Windows 11 Secure by Default: More Secure than Windows 10 

Moving to Windows 11 provides a more protected environment with advanced security features. We are intently focused on raising the bar to ensure robust defense against sophisticated attacks. All new Windows 11 PCs require a hardware-backed security baseline, such as TPM 2.0 and virtualization-based security by default. This baseline is the starting point, and the foundation needed to help secure everything else on Windows. Copilot+ PCs feature Windows Hello Enhanced Sign-in Security, and the built-in Microsoft Pluton security processor, ensuring they meet the high standards of secured-core PCs by default.

Built into new Windows 11 PCs, including Copilot+ PCs, are a growing list of existing features now enabled by default, or with additional protections added to significantly reduce the potential for attacks. These changes make Windows 11 more secure by default than Windows 10, from the chip to the cloud. Examples include Credential Guard, vulnerable driver block list, Local Security Authority (LSA) protection now enabled by default for new consumer devices, and BitLocker enabled by default on most modern systems. In addition, insecure code and crypto algorithms have been removed, and kernel attack surfaces, like Tool Tips, have been moved to user mode.

Our security teams are working hard for you, so you don’t need to spend your time manually enabling security on new or upgraded PCs. Our focused security work, driven by observing attacker patterns and behaviors, has resulted in a reported 62% drop in security incidents and a threefold reduction in firmware attacks and 2.9 times fewer instances of identity theft reported [1].

New Windows 11 Security   

Security is a pursuit, and not a destination. Today, I am announcing new features to help commercial customers with three longstanding challenges with Windows security — overprivileged users and applications; unverified apps and drivers; and insecure credentials and authentications. These capabilities have been top requests from customers around the world, including our internal Microsoft security team who we are working with to ensure real-world testing in preparation for scaling to our largest customers.

Reducing Administrator Privileges

Running users and apps as administrator violates the principle of least privilege and leads to many security incidents. As noted in the 2024 Microsoft Digital Defense Report, token theft incidents, which abuse users’ privileges, have grown to an estimated 39,000 per day [2]. With that in mind, organizations today have a complex binary challenge when setting up policy for employees. The choice is between having users with standard user permissions or users with administrator permissions.

By choosing to run with administrator permissions, you can do every modification you need — like adjusting the time-zone, making registry changes, installing applications and many other tasks without friction. However, the bad news is that if malware infects your account, it then also has direct access to critical system resources, and can silently make changes that cause disruption, result in data loss, or worse.

By contrast, standard user permission offers better security. User access to critical system resources is blocked by default, and it helps block malware or apps from silently changing machine configurations. However, standard user permission is frustrating for users as they cannot do some common tasks like changing the time settings or installing productivity applications, because in many cases a standard user will not have the administrator credential. Standard user permission also creates an additional overhead for IT to help users with acceptable tasks, unless they have tools such as Microsoft Intune Endpoint Privilege Management.
  • Administrator protection, currently in preview, is a new solution where users have the security of standard user permissions by default, but can still easily make system changes, including app installation, on their PCs when needed. With administrator protection, if a system change requires administrator rights, like some app installations, the user is prompted to securely authorize the change using Windows Hello. Windows creates a temporary isolated admin token to get the job done. This temporary token is immediately destroyed once the task is complete, ensuring that admin privileges do not persist. Administrator protection helps ensure that users, and not malware, remain in control of system resources. It will also be disruptive to attackers as they no longer have automatic, direct access to the kernel or other critical system security without specific Windows Hello authorization.
[Figure: User prompts for authorizing admin operations]

Protecting Credentials

Credential and identity theft is a prime focus of cyberattacks. In fact, Microsoft Entra data shows that of more than 600 million identity attacks per day, more than 99% are password-based [3]. And our findings reveal that Multifactor Authentication (MFA) offers outstanding protection, with over 99.99% of MFA-enabled accounts remaining secure during the investigation period [4]. We continue to add additional protection for credentials and authentications.
  • Windows Hello is the built-in MFA solution on Windows. It has been further hardened and extended to support passkeys. You no longer need to choose between a simple sign-in and a safe sign-in. Windows Hello is also being used to protect Recall and Personal Data Encryption.

Trusted Apps and Drivers

Many attacks occur due to users downloading unsafe or unsigned apps and drivers. We continue to add protections to help you defend yourself and your organization from malicious apps and drivers.
  • Smart App Control and App Control for Business policies provide peace of mind that only verified apps can run on your device. This eliminates attacks like malicious attachments or socially engineered malware. With the power of AI, we’ve made it much simpler to deploy. IT admins can simply select the ‘signed and reputable policy’ template in the app control wizard. This enables millions of verified apps to run regardless of the deployment location. Line of business apps unknown to Microsoft can be easily added by the IT admin through policy changes or via Microsoft Intune managed app deployments.
  • Windows Protected Print works seamlessly with Mopria-certified devices and does not require third-party drivers. It is designed to mitigate many of the past security issues with print drivers, and offers a more streamlined experience.

Data Protection

Your commercial data is one of the most important assets for your business, and we are providing more encryption options, including Personal Data Encryption.
  • Personal Data Encryption for known folders is a new Windows 11 Enterprise capability using Windows Hello authentication to help protect files stored in the Desktop, Documents and Pictures folders. Protection is indicated by the lock icon on the file. With Personal Data Encryption enabled, a device administrator won't be able to view file content, as the files remain encrypted until you authenticate with Windows Hello. An IT admin, using Microsoft Intune (or another management tool) can select all or a subset of these folders to apply Personal Data Encryption. It integrates with OneDrive and SharePoint on Microsoft 365 to allow for easy collaboration. Personal Data Encryption can be used independently of BitLocker, or other solutions, and when combined with BitLocker, it offers double encryption protection. Enterprise developers can also leverage the Personal Data Encryption API to extend protection of their application data.

OS Management and Configuration

In addition to evolving security features, we continue to evolve tools to enable IT to manage and configure Windows at scale.
  • Hotpatch in Windows is being introduced for Windows 11 Enterprise 24H2 and Windows 365. This revolutionary feature allows businesses to apply critical security updates without requiring a system restart, shortening your time to adopt critical security updates by up to 60% from the moment a security update is offered.  With hotpatching through your Windows Autopatch settings in Microsoft Intune, you can reduce the number of system restarts for Windows updates from 12 times a year to just four, minimizing security risk while keeping systems secure and productivity uninterrupted. This means consistent protection, and a streamlined, seamless experience for your users. Hotpatch in Windows is currently in preview.
  • Zero Trust DNS. Network destinations are often defined by domain names, making enforcement challenging. Zero Trust DNS restricts Windows devices to approved domains, blocking outbound IPv4 and IPv6 traffic unless resolved by a Protected DNS server or allowed by IT admin. Learn more about the Zero Trust DNS preview.
  • Config Refresh, available now, is a frequently requested feature, as configuration drift can occur when a user or app makes changes to a PC’s system registry. Config Refresh helps enforce MDM-defined security policies by automatically returning PC settings to the preferred configuration. Config Refresh works locally on the PC without needing to connect to the MDM, so devices can self-manage settings drift even when offline.

Security and Innovation for a Reliable Digital Future 

Nearly 40 years after its launch, Windows continues to evolve to meet the challenges of the ever-changing digital landscape and deliver on expectations for reliability and security. Security is a team effort; by collaborating with OEM partners, app developers and others we deliver Windows from chip to cloud, secure by design and default.

The updated Windows Security book is available to help you understand how to stay secure with Windows. Learn more about Windows 11 and Copilot+ PCs. To learn more about Microsoft Security solutions, visit our website. Bookmark the Security blog to keep up with our expert coverage on security matters. Also, follow us on LinkedIn (Microsoft Security) and X (@MSFTSecurity) for the latest news and updates on cybersecurity.

[1] Windows 11 Survey Report. Techaisle, September 2024. Windows 11 results are in comparison with Windows 10 devices.
[2] Microsoft Digital Defense Report 2024
[3] Microsoft Digital Defense Report 2024
[4] How effective is multifactor authentication at deterring cyberattacks? - Microsoft Research

Editor's note -- Nov. 25, 2024 -- Footnotes were added for clarity.
Update on Recall security and privacy architecture https://blogs.windows.com/windowsexperience/2024/09/27/update-on-recall-security-and-privacy-architecture/ Fri, 27 Sep 2024 17:17:12 +0000 https://blogs.windows.com/windowsexperience/?p=179096

Overview

As AI becomes more integral to Windows, Microsoft is doing more with AI on the edge with the power of a 40+ TOPS Neural Processing Unit on Copilot+ PCs. This enables lower latency, better battery life for AI intense tasks, use of AI experiences without an internet connection and better privacy by retaining information locally. Moving models and AI-related data processing onto the PC also creates unique security challenges that need to be accounted for in the product design. This blog outlines the security and privacy models, security architecture and technical controls implemented in Recall (preview), an all-new exclusive experience coming to Copilot+ PCs. Recall is designed to help you instantly and securely find what you’ve seen on your PC.

Security and privacy design principles

Recall is designed with security and privacy in mind and built on four principles aligned to the updates announced in June:
  1. The user is always in control.
    • Recall is an opt-in experience. During the set-up experience for Copilot+ PCs, users are given a clear option whether to opt-in to saving snapshots using Recall. If a user doesn’t proactively choose to turn it on, it will be off, and snapshots will not be taken or saved. Users can also remove Recall entirely by using the optional features settings in Windows.
  2. Sensitive data in Recall is always encrypted and keys are protected.
    • Snapshots and any associated information in the vector database are always encrypted. The encryption keys are protected via the Trusted Platform Module (TPM), tied to a user’s Windows Hello Enhanced Sign-in Security identity, and can only be used by operations within a secure environment called a Virtualization-based Security Enclave (VBS Enclave). This means that other users cannot access these keys and thus cannot decrypt this information.
      [Figure: Recall Out-of-Box-Experience Page]
  3. Recall services that operate on snapshots and associated data are isolated.
    • Within Recall, the services that operate on screenshots and associated data or perform decryption operations reside within a secure VBS Enclave. The only information that leaves the VBS Enclave is what is requested by the user when actively using Recall.
  4. Users are present and intentional about the use of Recall.
    • Recall leverages Windows Hello Enhanced Sign-in Security to authorize Recall-related operations. This includes actions like changing Recall settings and run-time authorization of access to the Recall user interface (UI). Recall also protects against malware through rate-limiting and anti-hammering measures. Recall currently supports PIN as a fallback method only after Recall is configured, and this is to avoid data loss if a secure sensor is damaged.

Recall security model

Recall snapshots and associated data are protected by secure VBS Enclaves. VBS Enclaves use the same hypervisor as Azure to segment the computer’s memory into a special protected area where information can be processed. Using Zero Trust principles, code in these enclaves can use cryptographic attestation protocols to confirm that the environment is secure before performing sensitive operations, such as snapshot processing. This area acts like a locked box that can only be accessed after permission is granted by the user through Windows Hello. VBS Enclaves offer an isolation boundary from both kernel and administrative users.

Recall snapshots are available only after you authenticate using Windows Hello credentials. Specifically, Windows Hello Enhanced Sign-in Security biometric credentials protect your privacy and actively authenticate you to query your semantic indices and view associated snapshots.

[Figure 1: Enhanced Sign-in Security Architecture]

Biometric credentials must be enrolled to search Recall content. Using VBS Enclaves with Windows Hello Enhanced Sign-in Security allows data to be briefly decrypted while you use the Recall feature to search. Authorization will time out and require the user to authorize access for future sessions. This restricts attempts by latent malware trying to ’ride along’ with a user authentication to steal data.

Recall privacy controls

Recall is always opt-in. Snapshots are not taken or saved unless you choose to use Recall. Snapshots and associated data are stored locally on the device. Recall does not share snapshots or associated data with Microsoft or third parties, nor is it shared between different Windows users on the same device. Windows will ask for your permission before saving snapshots. You are always in control, and you can delete snapshots, pause or turn them off at any time. Any future options for the user to share data will require fully informed explicit action by the user. Windows offers a rich set of tools to help you control your privacy and customize what gets saved for you to find later in Recall.
  • In-private browsing in supported browsers is never saved.
  • Users can filter out specific apps or websites viewed in supported browsers.
  • Users can control how long Recall content is retained and how much disk space is allocated to snapshots.
  • Sensitive content filtering is on by default and helps reduce the chance that passwords, national ID numbers and credit card numbers are stored in Recall. Recall leverages the libraries that power Microsoft’s Purview information protection product, which is deployed in enterprises globally.
  • Find something you didn’t mean to save? You can delete a time range, all content from an app or website or anything and everything found in Recall search.
  • An icon in the system tray will help you know when snapshots are being saved and makes it easy to quickly pause saving snapshots.
With the Recall controls a user can store as much or as little as they would like and remain in control. Note: Like any Windows feature, some diagnostic data may be provided based on the user’s privacy settings.

Recall architecture

The core components of the Recall architecture are the following:

Secure Settings

A protected data store used within the VBS Enclave, which stores security configuration data for Recall. To make any changes to security-sensitive settings a user must authorize the actions taken within the enclave to prevent malicious tampering. In addition, the settings are secure by default, meaning if tampering is detected they will revert to secure defaults.

Semantic Index

The semantic index converts images and text into vectors for later search. These vectors may reference private information extracted from snapshots, so these vectors are encrypted by keys protected within the VBS Enclave. All query operations are performed within the VBS Enclave.

Snapshot Store

Contains the saved snapshots and associated metadata, including any launch URIs provided by apps integrating with Recall User Activity API, as well as data like the time of the snapshot, title bar string, app dwell times, etc. Each snapshot is encrypted by individual keys and those keys are protected within the VBS Enclave.

Recall User Experience

The UI experience that users leverage to find things they have done on their PC, including timeline, search and viewing specific snapshots.

Snapshot Service

Background process that provides the run time for saving new snapshots, as well as querying and processing data returned by the VBS Enclave.

[Figure 2: Recall Security Architecture]

Recall’s storage services reside in a VBS Enclave to protect data and keys, and to resist tampering by malware or attackers operating on the machine. Recall components such as the Recall UI operate outside the VBS Enclaves and are untrusted in this architecture. Because the Snapshot Service must release information requested by a user by design, a key tenet of the design is to reduce the potential for exfiltration of data outside the normal use of the Recall system.

Processes outside the VBS Enclaves never directly receive access to snapshots or encryption keys and only receive data returned from the enclave after authorization. The authorization period has a timeout and anti-hammering protection that limit the impact of malicious queries. The Snapshot Service is a protected process, further limiting malicious access to memory containing the data returned from the query outside the VBS Enclave. Protected processes are the same technology used to protect anti-malware and the Windows LSA host from attacks. Lastly, the Recall VBS Enclave leverages concurrency protection and monotonic counters to prevent malicious users from overloading the system by making too many requests.

Additional architectural properties that are key to security for Recall:

Bound and verified VBS Enclaves

  • Encryption keys used by Recall are cryptographically bound to the identity of the end user and sealed by a key derived from the TPM of the hardware platform, and key operations are performed entirely within the trusted boundary of Virtual Trust Level 1 (VTL1).
  • Virtualization Based Security (VBS) – the hypervisor provides the secure enclave environment, which loads integrity-verified code into a confidential and isolated TEE.

Recall only operates on Copilot+ PCs

Recall only operates on Copilot+ PCs that meet the Secured-core standard and include the following capabilities by default, which are verified by Recall:

Recall security reviews

In addition to designing and architecting Recall with security, privacy and responsible AI in mind, we have also conducted a set of thorough security assessments of the feature. This includes the following efforts to ensure a thoughtful and secure approach:
  • The Microsoft Offensive Research & Security Engineering team (MORSE) has conducted months of design reviews and penetration testing on Recall.
  • A third-party security vendor was engaged to perform an independent security design review and penetration test.
  • A Responsible AI Impact Assessment (RAI) was completed, which covered risks, harms and mitigations analysis across our six RAI principles (Fairness, Reliability & Safety, Privacy & Security, Inclusiveness, Transparency, Accountability). A cohesive RAI Learn and Support document was developed for increasing awareness internally, and external facing RAI content was published to drive trust and transparency with our customers.

Conclusion

Recall’s secure design and implementation provides a robust set of controls against known threats. Microsoft is committed to making the power of AI available to everyone while retaining security and privacy against even the most sophisticated attacks. We truly believe that security is a team effort. By partnering with OEMs, app developers and others in the ecosystem, along with helping people to be better at protecting themselves, we are delivering a Windows experience that is more secure by design and secure by default.

The Windows 11 Security Book is available to help you learn more about what makes it easy for users to stay secure with Windows. To learn more about Microsoft Security solutions, visit our website. Bookmark the Microsoft Security Blog to keep up with our expert coverage on security matters. Also, follow us on LinkedIn (Microsoft Security) and X (@MSFTSecurity) for the latest news and updates on cybersecurity.

Editor’s note – Oct. 1, 2024: In the post above, the text of the first security and privacy design principle and two images showing block diagrams of architecture were updated.

Editor’s note – Sept. 27, 2024: Information about Microsoft’s Purview protection product was updated.
Taking steps that drive resiliency and security for Windows customers
https://blogs.windows.com/windowsexperience/2024/09/12/taking-steps-that-drive-resiliency-and-security-for-windows-customers/
Thu, 12 Sep 2024 17:00:22 +0000

On Tuesday, Sept. 10, we hosted the Windows Endpoint Security Ecosystem Summit. This forum brought together a diverse group of endpoint security vendors and government officials from the U.S. and Europe to discuss strategies for improving resiliency

CrowdStrike incident in July underscored the responsibility security vendors have to drive both resiliency and agile, adaptive protection. And it was inspiring to see the engagement throughout the event’s agenda and activities.

Together with our Microsoft Virus Initiative (MVI) partners—companies who develop endpoint protection and additional security products for Windows, covering client, server and IoT—we discussed the complexities of the modern security landscape, acknowledging there are no simple solutions. A key consensus point at the summit was that our endpoint security vendors and our mutual customers benefit when there are options for Windows and choices in security products. It was apparent that, given the vast number of endpoint products on the market, we all share a responsibility to enhance resiliency by openly sharing information about how our products function, handle updates and manage disruptions.

In the short term, we discussed several opportunities to improve how we support the safety and resiliency of our mutual customers. First, we spent time going into depth on how we employ Safe Deployment Practices (SDP) at Microsoft and where we can create shared best practices as a community, including sharing data, tools and documented processes. We face a common set of challenges in safely rolling out updates to the large Windows ecosystem, from deciding how to do measured rollouts with a diverse set of endpoints to being able to pause or rollback if needed. A core SDP principle is gradual and staged deployment of updates sent to customers. Microsoft Defender for Endpoint publishes SDPs and many of our ecosystem partners such as Broadcom, Sophos and Trend Micro have shared how they approach SDPs as well. This rich discussion at the Summit will continue as a collaborative effort with our MVI partners to create a shared set of best practices that we will use as an ecosystem going forward.

Beyond the critical SDP work, there are several ways we can enhance our support for customers in the near term. Building on the MVI program we have today, we discussed how Microsoft and partners can increase testing of critical components, improve joint compatibility testing across diverse configurations, drive better information sharing on in-development and in-market product health, and increase incident response effectiveness with tighter coordination and recovery procedures. These are a sampling of the topics we plan to make rapid progress on, to improve our collective customers’ security and resiliency.

In addition, our summit dialogue looked at longer-term steps serving resilience and security goals. Here, our conversation explored new platform capabilities Microsoft plans to make available in Windows, building on the security investments we have made in Windows 11. Windows 11’s improved security posture and security defaults enable the platform to provide more security capabilities to solution providers outside of kernel mode. Both our customers and ecosystem partners have called on Microsoft to provide additional security capabilities outside of kernel mode which, along with SDP, can be used to create highly available security solutions. At the summit, Microsoft and partners discussed the requirements and key challenges in creating a new platform which can meet the needs of security vendors. Some of the areas discussed include:
  • Performance needs and challenges outside of kernel mode
  • Anti-tampering protection for security products
  • Security sensor requirements
  • Development and collaboration principles between Microsoft and the ecosystem
  • Secure-by-design goals for future platform
As a next step, Microsoft will continue to design and develop this new platform capability with input and collaboration from ecosystem partners to achieve the goal of enhanced reliability without sacrificing security.

Finally, there are important steps customers can take today to increase resiliency in their current deployments. In addition to the important conversations summarized above, there are several practical, vendor-neutral steps enterprises can benefit from, including having business continuity planning (BCP) and a major incident response plan (MIRP) in place and backing up data securely and often.

It was clear from kickoff through closing at the summit that as platform and endpoint security providers, we are all focused on the productive conversations that need to be happening. We're competitors, we're not adversaries. The adversaries are the ones we need to protect the world from. We are grateful for the support and input from this community and excited about the conversations in progress and work we have ahead.

Vendors participating in the Windows Endpoint Security Ecosystem Summit offer remarks with further perspective:

Adam Bromwich, CTO and Head of R&D, Enterprise Security Group, Broadcom: “Organizations today benefit from a diverse, layered security defense. As a result, industry collaboration is vital to helping organizations stay ahead of persistent threats and remain resilient when unexpected business disruptions occur. As a long-time Microsoft Virus Initiative (MVI) Partner, Broadcom recognizes that working closely with Microsoft and other security vendors not only helps improve our customers' security posture, including endpoint protection, but also the greater global digital ecosystem.”

Drew Bagley, VP & Counsel, Privacy and Cyber Policy, CrowdStrike: “We appreciated the opportunity to join these important discussions with Microsoft and industry peers on how best to collaborate in building a more resilient and open Windows endpoint security ecosystem that strengthens security for our mutual customers.”

ESET: “ESET supports modifications to the Windows ecosystem that demonstrate measurable improvements to stability, on condition that any change must not weaken security, affect performance, or limit the choice of cybersecurity solutions. It remains imperative that kernel access remains an option for use by cybersecurity products to allow continued innovation and the ability to detect and block future cyberthreats. We look forward to the continued collaboration on this important initiative.”

Ric Smith, Chief Product and Technology Officer, SentinelOne: “SentinelOne thanks Microsoft for its leadership in convening the Windows Endpoint Security Ecosystem Summit and we are fully committed to helping drive its goal of reducing the chance of future events like the one caused by CrowdStrike. We believe that transparency is critical and strongly agree with Microsoft that security companies must live up to stringent engineering, testing and deployment standards and follow software development and deployment best practices. We are proud that we have followed the processes that Microsoft has discussed today for years and will continue to do so going forward.”

Joe Levy, CEO, Sophos: “We are honored to be a part of the Windows Endpoint Security Ecosystem Summit. It was a welcome opportunity to join industry peers in an open discussion of advancements that will serve our customers by elevating the resilience and robustness of both Microsoft Windows and the endpoint security ecosystem. We were very pleased to see Microsoft support many of Sophos' recommendations, based on the collection of architectural and process innovations we’ve built over the years and present today on the 30 million Windows endpoints we protect globally. The summit was an important and encouraging first step in a journey that will produce incremental improvement over time, and we look forward to collaborating in the design and delivery of more resilient and secure outcomes to our customers.”

Karan Sondhi, CTO, Public Sector, Trellix: “Responsible security starts with vendor's architecture, coordination with the ecosystem and prioritization of resilience for all. The time for collaboration across our industry and government to stay ahead of our adversaries is now.”

Kevin Simzer, Chief Operating Officer, Trend Micro: “I applaud Microsoft for opening its doors to continue collaborating with leading endpoint security leaders, to make our mutual customers even more cyber resilient. Looking forward to more collaboration.”
Acer Pluton-powered TravelMate devices are here
https://blogs.windows.com/windowsexperience/2022/05/18/acer-pluton-powered-travelmate-devices-are-here/
Wed, 18 May 2022 18:47:35 +0000

The global threat of cybersecurity continues to plague organizations of all sizes, with new data showing adversaries have been using zero-day exploits in 202

new data showing adversaries have been using zero-day exploits in 2021 at more than double the previous recorded volume in 2020. Password attacks are one of the most common entry points for attackers and Microsoft reported that in 2022 over 921 password attacks happen every second – nearly doubling over the prior 12 months. Microsoft processes 24 trillion signals every 24 hours and has blocked billions of attacks in the last year alone, while tracking ~250 unique threat actors across observed nation-state, ransomware and criminal activities.

To stay protected in the face of these mounting threats, customers need modern security solutions that deliver end-to-end protection from wherever they choose to work. Windows 11 is built with Zero Trust principles for the new era of hybrid work. Zero Trust is a security model based on the premise that every access request is fully authenticated, authorized, and encrypted before granting access. Windows 11 raises the security baselines with new requirements built into hardware, firmware and software to help ensure a strong security posture that reduces malware which can otherwise compromise older devices. With Windows 11, customers can enhance hybrid productivity and new experiences without compromising security.

https://youtu.be/j3Fs6QdubEg

Built on the principles of Zero Trust, the hardware and silicon-assisted security baseline in Windows 11 — including the TPM 2.0, UEFI Secure Boot and Memory Integrity — helps protect core parts of the OS as well as the user’s credentials as soon as the device powers on. These features provide important protections from many attack patterns we see in practice today. However, we know that adversaries have shifted their sights to more exotic techniques including hardware attacks. This is why Microsoft is committed to the Pluton Security Processor as an innovative solution to securing the next generation of Windows PCs against these emerging threats.

Microsoft Pluton fortifies chip to cloud security in new Acer TravelMate Devices

Today, we are thrilled to see Acer and AMD launch the Acer TravelMate P4 and TravelMate Spin P4 series of business laptops with the latest AMD Ryzen PRO 6000 Series mobile processors with PRO technologies and with the Pluton hardware security processor designed by Microsoft. In these devices, the Microsoft Pluton technology is integrated directly into the CPU, significantly raising the Acer TravelMate’s ability to withstand sophisticated physical attacks if the device is lost or stolen. These are the first devices incorporating Pluton that ship with the Pluton Security Processor enabled by default out of the factory, enhancing security from the chip to cloud and enabling secure Windows updates to Pluton as the threat landscape continues to evolve. This flexibility and updateability is critical to protecting the device as well as identities and data that reside on it.

[Image: TravelMate Spin P4]

The Microsoft Pluton Security Processor brings some incredibly important capabilities that address customers’ biggest concerns in this era of hybrid work, and a continuously evolving and increasingly sophisticated threat landscape:

Chip to cloud security

Making Pluton easy to securely update at scale is a key design decision of its architecture. Renewable security is one of Microsoft’s seven properties of a highly secured device and is critical to addressing real world threats – namely that devices continue to be exploited through vulnerable unpatched firmware. Organizations face serious challenges in their ability to discover and mitigate firmware threats, which is why Microsoft is using the power and reliability of Windows Update to help keep Pluton up to date.

Physical attack resistance

Research from the FBI shows that a laptop is stolen every 53 seconds on average. The University of Pittsburgh found that a laptop has a 1 in 10 chance of being stolen during its lifetime and that 98% of stolen laptops are never recovered. Even if the attacker has complete physical possession of the PC, the co-existence of the AMD CPU with Pluton on the same silicon die makes physical attacks on the hardware substantially more complex and costly.

[Image: TravelMate P4]

Industry standards support

One of the capabilities Pluton provides is a fully compliant TPM 2.0 implementation. Devices using the Pluton TPM 2.0 offer all the same features provided by other TPMs but benefit from the CPU-integrated security posture, the design for renewability, and Windows TPM-based features that are validated to run seamlessly on Pluton. Microsoft remains committed to supporting industry standards and certifications and has formally submitted the AMD Ryzen based Pluton implementation for FIPS 140-3 cryptographic module validation. Microsoft is also committed to ensuring that the TPM functionality in Linux can use Pluton just like any other TPM.

Acer TravelMate devices also meet Secured-core PC requirements

In addition to incorporating Pluton, the Acer TravelMate P4 and TravelMate Spin P4 also meet Microsoft’s Secured-core PC requirements, ensuring they can meet the needs of the most security conscious customers. Secured-core PCs strengthen protection against advanced threats such as kernel attacks from ransomware. Secured-core PCs help prevent malware attacks and reduce the impact of firmware vulnerabilities by launching into a clean and trusted state at startup, with a hardware enforced root of trust, stopping infections in their tracks. Virtualization-based security comes enabled by default. And with built in hypervisor protected code integrity that protects system memory, Secured-core PCs help ensure that all operating system code is trustworthy, and executables are signed by known and approved authorities only. Our data shows that these devices are 60% more resilient to malware than PCs that don’t meet the Secured-core specifications.

Continuing the Pluton journey with the Windows ecosystem

Our OEM partners are leveraging platforms from silicon partners to offer customers Windows systems with Pluton enabled. This is the continuation of a journey with the Windows ecosystem to bring the Pluton benefits of cloud-delivered, continuously updated protection with physical attack resilience to more Windows systems over time. Look for updates from Microsoft and our partners in the future around expanded hardware availability of Pluton.

Learn more about the Microsoft Pluton and Windows 11 Secured-core PCs.
MWC 2022: The next Microsoft Pluton Device + PAC technology
https://blogs.windows.com/windowsexperience/2022/02/28/mwc-2022-the-next-microsoft-pluton-device-pac-technology/
Mon, 28 Feb 2022 08:01:44 +0000

2021 and into 2022 have seen continued innovation in the attack landscape as cybercriminals refine tactics and tools to evade defenses. 2021 saw the highest year on record for zero-day exploits, increased firmware attacks and new tampering attacks targeting security agents. Microsoft and our silicon partners have been vigilant in working to address these trends and we’re proud to share that Qualcomm and Microsoft have partnered on innovations designed to help keep the security capabilities in Windows 11 ahead of attackers.

We’re excited today to announce that the Lenovo ThinkPad X13s, built with the Qualcomm Snapdragon 8cx Gen 3, is the first ARM platform for Windows that is built on the Microsoft Pluton security architecture. Pluton is at the center of the security capabilities for Windows 11 providing protection in the boot, identity, credential protection and encryption processes. Pluton also supports chip-to-cloud zero trust using the Azure Attestation Service with Intune. Beyond integrating Pluton, the Lenovo ThinkPad X13s is also a certified secured-core PC, which provides the best possible security capabilities for Windows 11 right out of the box.

Pluton provides security from the chip to the cloud

Microsoft Pluton is a security processor architecture, pioneered in Xbox and Azure Sphere, that is designed to store sensitive data, like encryption keys, securely with hardware that is integrated into the die of a device’s CPU. This makes access more difficult for attackers, even if they have physical possession of a device.

https://youtu.be/e_N4m7GIVgE

Windows 11 PCs built on top of Qualcomm’s latest Snapdragon 8cx Gen 3 Compute Platform, with Qualcomm® Secure Processing Unit (SPU), will leverage advanced hardware capabilities from Microsoft Pluton and Pointer Authentication Codes (PAC). Pluton will leverage advanced hardware capabilities while built-in security countermeasures from PAC protect against common exploit patterns to help customers strengthen their device security posture. On Windows 11 PCs like the Lenovo ThinkPad X13s built with the Qualcomm Snapdragon 8cx Gen 3 Compute Platform, Pluton will provide customers with:
  • Security updates delivered from the cloud to Pluton  

Alongside support for standard industry controls, Microsoft will help keep the Pluton security processor’s firmware up to date through the Windows Update process. 

  • Physical attack resistance 

With Pluton being on the die of the device’s System on a Chip (SoC), attack vectors like bus interfaces that pass data between the SoC and other components on a motherboard are not exposed to physical attacks. 

  • Trusted, proven security built alongside our partners 

Built on approaches and technologies used in Xbox and Azure Sphere, Pluton is the result of years of collaboration between Microsoft and Qualcomm Technologies and our other ecosystem partners. Alongside other lessons learned from Xbox that have been incorporated into secured-core PCs which help reduce malware instances by 60% and the Windows 11 hardware baselines, Pluton helps to protect sensitive data and add visibility to the boot process in tamper-resistant ways.  

ARM pointer authentication in the QC 8CX G3 helps customers stay ahead of zero-day exploits 

With zero-day exploits targeting memory safety issues reaching record numbers in 2021, Microsoft has continued investing in mitigations against sources of vulnerabilities, including partnering with silicon providers to launch new capabilities like hardware shadow stacks which help disrupt common zero-day exploit techniques. The hardware stack protection (HSP) feature in Windows 11 leverages hardware support to efficiently store return addresses in a shadow stack alongside the software call stack in all programs. This helps to address a common attack in zero-day exploits where the software stack is modified or hijacked to execute malicious code. With the HSP feature the software stack must match the return addresses stored in hardware. If there is a mismatch, a process is safely terminated by the operating system, preventing a successful attack.

With Windows 11 on the Snapdragon 8cx Gen 3, the ARM pointer authentication hardware capability provides similar robust mitigation against exploits that leverage return-oriented programming (ROP) or stack modification techniques on ARM-based Windows systems. Windows binaries are compiled with Pointer Authentication Code instructions, injecting a hash (the PAC) for return addresses at function prologue and verifying the hash immediately before function return to verify that the return address has not been tampered with. Windows 11 utilizes the Snapdragon 8cx Gen 3 hardware schemes to generate and verify the PAC to provide resilience against attacks that overwrite the intended return address. This helps to break a common technique attackers use to try to execute malicious code.

Windows 11 and the Snapdragon 8cx Gen 3 provide advanced capabilities like Microsoft Pluton, Secured-core firmware protection and ARM Pointer Authentication, which together provide the best level of protection for Windows PCs. With devices like the Lenovo ThinkPad X13s with Windows 11, customers are empowered to work and play from anywhere with greater peace of mind knowing that protection is built-in from the chip to the cloud to keep attackers at bay.

Learn more about Microsoft Pluton and secured-core PCs
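The return-address signing described in the pointer authentication section above, as an added software model in C (an illustration written for this page, not Microsoft, Qualcomm or ARM code). The 48-bit address width, the 16-bit PAC, the key, the mixing function standing in for the hardware's keyed cipher, and all addresses are assumptions constructed for the example.

```c
#include <stdint.h>
#include <stdio.h>

/* Model assumptions (not hardware facts): 48-bit virtual addresses, so the
 * top 16 bits of a 64-bit return address are free to carry the PAC. */
#define VA_BITS 48
#define VA_MASK ((UINT64_C(1) << VA_BITS) - 1)

/* Constructed per-process key. In hardware the key is held where user-mode
 * code cannot read it; here it is just a constant. */
static const uint64_t MODEL_KEY = UINT64_C(0x9e3779b97f4a7c15);

/* Stand-in mixer (splitmix64 finalizer). NOT the hardware cipher and not
 * cryptographically strong; it only makes the PAC depend on every input bit. */
static uint64_t mix(uint64_t x) {
    x = (x ^ (x >> 30)) * UINT64_C(0xbf58476d1ce4e5b9);
    x = (x ^ (x >> 27)) * UINT64_C(0x94d049bb133111eb);
    return x ^ (x >> 31);
}

/* PAC = keyed hash over (return address, stack pointer at function entry). */
static uint64_t compute_pac(uint64_t addr, uint64_t sp) {
    return mix(mix((addr & VA_MASK) ^ MODEL_KEY) ^ sp) >> VA_BITS;
}

/* What the function keeps on its stack: the signed return address. */
struct frame { uint64_t sp; uint64_t saved_lr; };

/* Function prologue: sign the return address before it is spilled to memory. */
static struct frame prologue(uint64_t lr, uint64_t sp) {
    struct frame f = { sp, (lr & VA_MASK) | (compute_pac(lr, sp) << VA_BITS) };
    return f;
}

/* Function epilogue: recompute the PAC and compare before returning.
 * A mismatch is modelled as return value 0 (the process would be stopped). */
static int epilogue(const struct frame *f, uint64_t *ret_to) {
    uint64_t addr = f->saved_lr & VA_MASK;
    if ((f->saved_lr >> VA_BITS) != compute_pac(addr, f->sp))
        return 0;
    *ret_to = addr;
    return 1;
}

enum { LEGIT, FLIP_PAC_BIT, RAW_OVERWRITE, REPLAY_OTHER_SP };

/* Runs one call/return with constructed addresses; returns 1 if the return
 * is allowed, 0 if authentication rejects it. */
static int try_return(int scenario, uint64_t i) {
    uint64_t lr = UINT64_C(0x00007ff612341000) + 4 * i;
    uint64_t sp = UINT64_C(0x000000a1b2c3d000) - 16 * i;
    uint64_t target = 0;
    struct frame f = prologue(lr, sp);

    switch (scenario) {
    case FLIP_PAC_BIT:    /* memory corruption touching the PAC bits */
        f.saved_lr ^= UINT64_C(1) << VA_BITS;
        break;
    case RAW_OVERWRITE:   /* saved slot replaced by an unsigned address */
        f.saved_lr = UINT64_C(0x00007ff612999000) + 4 * i;
        break;
    case REPLAY_OTHER_SP: /* validly signed value reused in another frame */
        f.sp += 0x40;
        break;
    default:
        break;
    }
    if (!epilogue(&f, &target))
        return 0;
    return scenario != LEGIT || target == lr;
}

/* Number of returns rejected out of n trials of the given scenario. */
static int count_rejected(int scenario, int n) {
    int rejected = 0;
    for (int i = 0; i < n; i++)
        if (!try_return(scenario, (uint64_t)i))
            rejected++;
    return rejected;
}

int main(void) {
    printf("legitimate returns rejected: %d/1000\n", count_rejected(LEGIT, 1000));
    printf("flipped PAC bit rejected:    %d/1000\n", count_rejected(FLIP_PAC_BIT, 1000));
    printf("raw overwrite rejected:      %d/1000\n", count_rejected(RAW_OVERWRITE, 1000));
    printf("replay under other SP:       %d/1000\n", count_rejected(REPLAY_OTHER_SP, 1000));
    return 0;
}
```

In this model an unsigned overwrite is accepted only when the PAC it would need happens to be zero, roughly one chance in 65,536 with the assumed 16-bit PAC, which is why the rejection counts for the last two scenarios are near but not guaranteed to equal 1000.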
CES 2022: Chip to cloud security: Pluton-powered Windows 11 PCs are coming
https://blogs.windows.com/windowsexperience/2022/01/04/ces-2022-chip-to-cloud-security-pluton-powered-windows-11-pcs-are-coming/
Tue, 04 Jan 2022 16:02:12 +0000

As we enter this new year, security remains a top concern as businesses continue to evolve and define their digital transformation strategies and what hybrid work means for their organizations and their employees. Over the last year, we've seen a

121% increase in ransomware attacks. Every second there are 921 password attacks, and since March 2020 the industry has seen a 667% increase in phishing attacks. While cloud-delivered protections and significant advancements in the Windows OS have made things more difficult for attackers, they continue to evolve as well – targeting the seams that exist between hardware and software and sensitive information like encryption keys and credentials within a device’s firmware.

Security decision makers have taken note. The Microsoft Security Signals 2021 survey found that 80% believe that modern hardware, and not just software, is needed to protect against emerging threats. These modern, sophisticated threats, combined with today’s distributed workforce, require solutions that are designed to protect each layer of computing from the chip to the cloud. To deliver that for our customers, we’ve made several important strides with the release of secured-core PCs, Windows 11 and the Microsoft Pluton security processor.

The Microsoft Pluton is a security processor, pioneered in Xbox and Azure Sphere, designed to store sensitive data, like encryption keys, securely within the Pluton hardware, which is integrated into the die of a device’s CPU and is therefore more difficult for attackers to access, even if they have physical possession of a device. This design helps ensure that emerging attack techniques cannot access key material.

https://youtu.be/utfK3myvIlA

Today, we are thrilled to see Lenovo and AMD introduce one of the first Microsoft Pluton powered PCs. The new Lenovo device powered by AMD Ryzen 6000 Series processors introduces a valuable new hardware security capability for Windows customers, including:
  • Security updates from the chip to the cloud
    • The Pluton security processor’s firmware will be updateable through Windows Update along with standard industry controls. This tightly integrated hardware and software helps protect against security vulnerabilities by adding additional visibility and control, and provides a platform for innovation that allows customers to benefit from new features in future releases of Windows that leverage the Pluton hardware and, with this design, are adaptable to changes in the threat landscape.
  • Physical attack resistance
    • Even if the attacker has complete physical possession of the PC, the AMD Security Processor and Pluton are designed to co-exist on AMD client silicon to ensure constant communication, which helps to eliminate an attack vector that physical attackers could exploit.
  • Trusted, proven security built alongside our partners
    • Built on approaches and technologies used in Xbox and Azure Sphere.

Improving security for all Windows users with innovation built on partnerships

Pluton’s flexible, secure platform helps to improve security across a range of scenarios that benefit everyday consumers, small businesses and large commercial enterprises. Supporting the needs of our customers is always a top priority, which is why Pluton can be configured in three ways: as the Trusted Platform Module; as a security processor used for non-TPM scenarios like platform resiliency; or OEMs can choose to ship with Pluton turned off. That means for devices like the Lenovo ThinkPad Z13 and Z16, when Pluton is configured as the TPM 2.0 for a Windows 11 system, Pluton helps protect Windows Hello credentials by keeping them further isolated from attackers. Device encryption can use Pluton when it is configured as the TPM to securely protect encryption keys from physical attacks and help keep data safe from prying eyes.

The flexibility of Pluton and the innovation supported by Microsoft’s ecosystem partners allow the hardware security capabilities supported by Pluton to be used for scenarios beyond the TPM. The first example of such a scenario was developed in close partnership with multiple OEMs. Windows will use Pluton to securely integrate with other hardware security components on the system to provide greater visibility into the state of the platform to the Windows end user and eventually to IT administrators, who will have new platform resiliency signals that can be used for zero-trust conditional access workflows. Windows OEMs work closely with commercial customers to help ensure that their device security needs are met. Given that OEMs help build a device from the case to the motherboard and connected peripherals, they are uniquely positioned to provide customers insight into what the expected state is across these various components. In the future these signals will also be reported to cloud services like Intune, through the Microsoft Azure Attestation service, so that they can be used by IT administrators to take a step further in the zero-trust security paradigm of verifying as much as possible before authorizing access to any privileged resources.

To learn more about Lenovo’s device, visit their website.

The start of the Pluton journey with the Windows ecosystem

Our OEM partners are leveraging platforms from silicon partners to begin offering customers Windows systems with Pluton enabled. This is the start of a journey with the Windows ecosystem to bring the Pluton benefits of cloud-delivered, up-to-date protection, physical attack resilience and established security features to more Windows systems over time. Look for updates from Microsoft and our partners in the future around expanded hardware availability of Pluton.

Editor’s note – May 24, 2022 – The introduction and physical attack resistance paragraphs above were updated.