Microsoft Issues 2025 Identity Security Best Practices

Microsoft has outlined key identity management strategies to help enterprises safeguard their data in 2025.

The key, according to the company, is to adopt "proactive defensive measures" to protect against growing AI-based attacks and widespread phishing campaigns. After consulting with its customers, Microsoft has identified three areas in which enterprises can harden their defenses.

Start Secure, Stay Secure and Prepare for New Cyberthreats
Organizations are encouraged to adopt a "secure by default" posture by enforcing multifactor authentication (MFA) and mitigating the risks associated with shadow IT and non-human identities.

"Reactive security isn't enough to safeguard your environment," said Microsoft's Joy Chik, president of Identity & Network Access at Microsoft. "Our guidance for 2025 is to always start at the highest level of security (Secure by Default), then dial back as needed for compatibility or other reasons. It’s also critical to protect all identities: employees, contractors, partners, customers, and, most importantly, machine, service, and AI identities."

Getting a handle on shadow IT is also important. Microsoft recommends that IT teams monitor for unauthorized apps and ensure that any app entering the network is configured secure by default.

To help with this, Microsoft has implemented tools like managed Conditional Access policies and phishing-resistant authentication that aim to reduce account compromises. Additionally, it has recently extended multifactor authentication requirements to more of its own services, such as the Microsoft Azure and Intune portals.

Extend Zero Trust Access Controls to All Resources
Microsoft said the next consideration is to extend Zero Trust principles to all resources, including legacy systems and online applications. Automation, entitlement management and lifecycle workflows can help enforce least-privilege access and protect against lateral movement during a potential compromise.

Microsoft recommends employing the Microsoft Entra Suite for Zero Trust deployments, and tools like Microsoft Entra Private Access can be used to replace outdated VPN points of access.

Use Generative AI to Tip the Scales in Favor of Defenders
With so many new attacks making use of generative AI, it only makes sense to use the same technology to guard against them. One option is Microsoft Security Copilot, which Microsoft said helps reduce the average time to address a security risk by 30.1 percent. Chik also outlined some ways in which IT can employ AI in a proactive security strategy:

  • Enhance risky user investigations: Investigate identity compromises faster with AI-powered recommendations for proactive mitigation and defense. Use natural language conversations to investigate risky users and to gain insights into elevated risk levels and risky sign-ins.
  • Troubleshoot sign-ins: Use natural language conversations to uncover root causes of sign-in failures, interruptions, or multifactor authentication prompts. Automate troubleshooting tasks and let AI discover actionable insights across user details, group details, sign-in logs, audit logs, and diagnostic logs.
  • Mitigate app risks: Use intuitive prompts to manage and remediate application risks as well as gain detailed insights into permissions, workload identities, and cyberthreats.

Wanting to practice what it preaches, Chik outlined the recent steps the company has taken to strengthen its own proactive security approach, including eliminating 730,000 outdated and noncompliant apps, along with 1.7 million unused or outdated Microsoft Azure Active Directory and Microsoft Entra ID systems, from production and test environments.

About the Author

Chris Paoli (@ChrisPaoli5) is the associate editor for Converge360.
