Merge pull request #789 from ZacharyRiffle/main

Creating SFI page and adding Edge browser logo
microsoft · Sep 28, 2024 · 976100f · 976100f
2 parents 6dbdbff + 7d89f52
commit 976100f
Show file tree

Hide file tree

Showing 5 changed files with 307 additions and 8 deletions.
diff --git a/_data/toc.yml b/_data/toc.yml
@@ -329,6 +329,9 @@
             - title: Q&A
               url: "skilling/microsoft-security-academy/microsoft-copilot-for-security-qa"
               tag: msa
+        - title: Secure Future Initiative 
+          url: "skilling/microsoft-security-academy/sfi"
+          tag: msa
         - title: Modules
           url: "skilling/microsoft-security-academy/modules"
           tag: msa

diff --git a/_docs/Skilling/Security Academy/Other pages/SFI.md b/_docs/Skilling/Security Academy/Other pages/SFI.md
@@ -0,0 +1,292 @@
+---
+layout: page
+title: Microsoft Secure Future Initiative
+description: Microsoft Secure Future Initiative
+permalink: /skilling/microsoft-security-academy/sfi
+updated: 2024-09-30
+showbreadcrumb: true
+tags: 
+- academy content
+- microsoft security academy
+- getting started
+---
+
+## Microsoft Security Academy
+
+
+<div style="text-align: center;">
+    <img src="https://wp.technologyreview.com/wp-content/uploads/2020/03/ms-securitylogostackedc-grayrgb-hero-copy-small_2-3.png" alt="MSA Logo" style="max-width: 100px; height: auto; margin-bottom: 20px;">
+</div>
+
+
+### Learn about Microsoft's Secure Future Initiative
+The **[Secure Future Initiative (SFI)](https://www.microsoft.com/en-us/trust-center/security/secure-future-initiative#:~:text=What%20is%20the%20Secure%20Future%20Initiative%20%28SFI%29%3F%20The,solutions%20meet%20the%20highest%20possible%20standards%20for%20security.?msockid=330c4da567d667543ffd5c5666b966cf)** is a multiyear initiative to evolve the way we design, build, test, and operate our products and services, to achieve the highest possible standards for security.
+
+Read about our progress improving our security culture, governance, standards, and principles from the **[newly released SFI Progress Report](https://www.microsoft.com/en-us/security/blog/2024/09/23/securing-our-future-september-2024-progress-update-on-microsofts-secure-future-initiative-sfi/).**📢
+
+## Table of Contents
+
+This page is organized by SFI's six key pillars, each representing a critical area of cybersecurity focus.
+
+
+<div class="table-responsive">
+    <table class="table">
+        <thead>
+            <tr>
+                <th colspan="2" style="text-align: center;">Table of Contents</th>
+            </tr>
+        </thead>
+        <tbody>
+            <tr>
+                <td><strong><a href="#protect-identities-and-secrets">Protect identities and secrets</a></strong></td>
+                <td></td>
+            </tr>
+            <tr>
+                <td><strong><a href="#protect-tenants">Protect tenants</a></strong></td>
+                <td></td>
+            </tr>
+            <tr>
+                <td><strong><a href="#protect-networks">Protect networks</a></strong></td>
+                <td></td>
+            </tr>
+            <tr>
+                <td><strong><a href="#protect-engineering-systems">Protect engineering systems</a></strong></td>
+                <td></td>
+            </tr>
+            <tr>
+                <td><strong><a href="#monitor-and-detect-threats">Monitor and detect threats</a></strong></td>
+                <td></td>
+            </tr>
+            <tr>
+                <td><strong><a href="#accelerate-response-and-remediation">Accelerate response and remediation</a></strong></td>
+                <td></td>
+            </tr>
+        </tbody>
+    </table>
+</div>
+
+
+### Protect identities and secrets
+
+##### Protect identity infrastructure signing and platform keys with rapid and automatic rotation (e.g., HSMs)
+
+| **Training** |
+|-------------------------|
+| [Configure and manage secrets in Azure Key Vault](https://learn.microsoft.com/en-us/training/modules/configure-and-manage-azure-key-vault/) |
+| [Plan, implement, and manage governance for security](https://learn.microsoft.com/en-us/training/modules/governance-security/?source=recommendations) |
+| [Advance your security posture with Microsoft Intune](https://learn.microsoft.com/en-us/training/modules/m365-advance-organization-security-posture/) |
+| [Protect infrastructure with Zero Trust](https://learn.microsoft.com/en-us/training/modules/zero-trust-infrastructure/) |
+
+##### Ensure 100% of user accounts are protected with securely managed, phishing-resistant MFA
+
+| **Training** |
+|-------------------------|
+| [Secure Microsoft Entra users with MFA](https://learn.microsoft.com/en-us/training/modules/secure-aad-users-with-mfa/) |
+| [Understand Microsoft 365 Identity and Access management](https://learn.microsoft.com/en-us/training/modules/audit-identity-access-management/) |
+| [Securing you: Basics and beyond](https://learn.microsoft.com/en-us/training/modules/securing-you-basics-beyond/) |
+
+##### Ensure 100% of applications are protected with system-managed credentials (e.g., Managed Identity, Managed Certificates)
+
+| **Training** |
+|-------------------------|
+| [Manage application access in Microsoft Entra ID](https://learn.microsoft.com/en-us/training/modules/manage-application-access-microsoft-entra-id/) |
+| [Design solutions for securing applications](https://learn.microsoft.com/en-us/training/modules/design-solutions-secure-applications/) |
+
+##### Adopt more fine-grained partitioning of identity signing keys and platform keys
+
+| **Training** |
+|-------------------------|
+| [Key management in Azure](https://learn.microsoft.com/en-us/azure/security/fundamentals/key-management) |
+
+##### Ensure identity and public key infrastructure (PKI) systems are ready for post-quantum cryptography
+
+| **Training** |
+|-------------------------|
+| [NIST Releases First 3 Finalized Post-Quantum Encryption Standards](https://www.nist.gov/news-events/news/2024/08/nist-releases-first-3-finalized-post-quantum-encryption-standards#:~:text=NIST%20has%20released%20a%20final%20set%20of%20encryption,to%20e-commerce%20transactions%20that%20propel%20the%20modern%20economy.) |
+
+#### [Back to Table of Contents](/PartnerResources/skilling/microsoft-security-academy/sfi#table-of-contents)
+
+
+<div>&nbsp;</div>
+
+___
+
+
+### Protect tenants
+
+##### Maintain the security posture and commercial relationships of tenants by removing all unused, aged, or legacy systems
+
+| **Training** |
+|-------------------------|
+| [Security posture management in hybrid and multicloud environments](https://learn.microsoft.com/en-us/training/modules/design-solutions-security-posture-management-hybrid-multicloud-environments/) |
+| [Evaluate security posture of existing application portfolios](https://learn.microsoft.com/en-us/training/modules/design-solutions-secure-applications/3-evaluate-security-posture-existing-application-portfolios) |
+
+##### Protect 100% of acquired and employee-created tenants, commerce accounts, and tenant resources
+
+| **Training** |
+|-------------------------|
+| [Secure tenant administration](https://learn.microsoft.com/en-us/training/modules/design-solutions-secure-privileged-access/4-design-solution-secure-tenant-administration) |
+
+##### 100% of applications and users have continuous least-privilege access enforcement
+
+| **Training** |
+|-------------------------|
+| [Securing privileged access](https://learn.microsoft.com/en-us/training/modules/design-solutions-secure-privileged-access/) |
+
+##### Manage 100% of Microsoft Entra ID applications to a high, consistent security bar
+
+| **Training** |
+|-------------------------|
+| [Identity and Access management](https://learn.microsoft.com/en-us/training/modules/design-solutions-identity-access-management/) |
+
+#### [Back to Table of Contents](/PartnerResources/skilling/microsoft-security-academy/sfi#table-of-contents)
+
+
+<div>&nbsp;</div>
+
+___
+
+
+### Protect networks
+
+##### Secure 100% of production networks and systems connected to the networks by improving isolation, monitoring, inventory, and secure operations
+
+| **Training** |
+|-------------------------|
+| [Protect network resources](https://learn.microsoft.com/en-us/azure/defender-for-cloud/protect-network-resources) |
+| [Other threat protections in Microsoft Defender for Cloud](https://learn.microsoft.com/en-us/azure/defender-for-cloud/other-threat-protections) |
+| [Use asset inventory to manage your resources' security posture](https://learn.microsoft.com/en-us/azure/defender-for-cloud/asset-inventory) |
+| [Cloud security posture management (CSPM)](https://learn.microsoft.com/en-us/azure/defender-for-cloud/concept-cloud-security-posture-management) |
+| [Understanding just-in-time (JIT) VM access](https://learn.microsoft.com/en-us/azure/defender-for-cloud/just-in-time-access-overview?tabs=defender-for-container-arch-aks) |
+
+##### Apply network isolation and microsegmentation to 100% of production environments, creating additional layers of defense against attackers
+
+| **Training** |
+|-------------------------|
+| [Secure and govern workloads with network-level segmentation](https://learn.microsoft.com/en-us/azure/architecture/networking/guide/network-level-segmentation) |
+| [Azure guidance for secure isolation](https://learn.microsoft.com/en-us/azure/azure-government/azure-secure-isolation-guidance) |
+| [What is Azure Firewall?](https://learn.microsoft.com/en-us/azure/firewall/overview) |
+| [Advanced Azure Kubernetes Service (AKS) microservices architecture](https://learn.microsoft.com/en-us/azure/architecture/reference-architectures/containers/aks-microservices/aks-microservices-advanced) |
+| [Secure networks with Zero Trust](https://learn.microsoft.com/en-us/security/zero-trust/deploy/networks) |
+
+##### Enable customers to easily secure their networks and isolate resources in the cloud
+
+| **Training** |
+|-------------------------|
+| [Isolation in the Azure Public Cloud](https://learn.microsoft.com/en-us/azure/security/fundamentals/isolation-choices) |
+| [Azure Network Security](https://learn.microsoft.com/en-us/azure/security/fundamentals/network-overview) |
+| [Azure best practices for network security](https://learn.microsoft.com/en-us/azure/security/fundamentals/network-best-practices) |
+| [Tutorial: Filter network traffic with a network security group (NSG) using the Azure portal](https://learn.microsoft.com/en-us/azure/virtual-network/tutorial-filter-network-traffic?tabs=portal) |
+| [Deploy and configure Azure Firewall using the Azure portal](https://learn.microsoft.com/en-us/azure/firewall/tutorial-firewall-deploy-portal) |
+
+#### [Back to Table of Contents](/PartnerResources/skilling/microsoft-security-academy/sfi#table-of-contents)
+
+
+<div>&nbsp;</div>
+
+___
+
+
+### Protect engineering systems
+
+##### Build and maintain inventory for 100% of the software assets used to deploy and operate Microsoft products and services
+
+| **Training** |
+|-------------------------|
+| [Evaluate security posture of existing application portfolios](https://learn.microsoft.com/en-us/training/modules/design-solutions-secure-applications/3-evaluate-security-posture-existing-application-portfolios) |
+
+##### 100% of access to source code and engineering systems infrastructure is secured through Zero Trust and least-privilege access policies
+
+| **Training** |
+|-------------------------|
+| [Secure access for workload identities](https://learn.microsoft.com/en-us/training/modules/design-solutions-secure-applications/6-secure-access-workload-identities) |
+
+##### 100% of source code that deploys to production environments is protected through security best practices
+
+| **Training** |
+|-------------------------|
+| [Design and implement standards to secure application development](https://learn.microsoft.com/en-us/training/modules/design-solutions-secure-applications/2-design-implement-standards-secure-application-development) |
+
+##### Secure development, build, test, and release environments with 100% standardized, governed pipelines and infrastructure isolation.
+
+| **Training** |
+|-------------------------|
+| [Introduction to Secure DevOps](https://learn.microsoft.com/en-us/training/modules/introduction-to-secure-devops/) |
+| [DevOps Security Management](https://learn.microsoft.com/en-us/training/modules/describe-security-management-capabilities-of-azure/6-describe-dev-ops-security-management) |
+| [Connect Azure DevOps environments to Microsoft Defender for Cloud](https://learn.microsoft.com/en-us/azure/defender-for-cloud/quickstart-onboard-devops) |
+
+#### [Back to Table of Contents](/PartnerResources/skilling/microsoft-security-academy/sfi#table-of-contents)
+
+
+<div>&nbsp;</div>
+
+___
+
+
+### Monitor and detect threats
+
+##### Maintain a current inventory across 100% of production infrastructure and services
+
+| **Training** |
+|-------------------------|
+| [What is Microsoft Defender Vulnerability Management (MDVM)](https://learn.microsoft.com/en-us/defender-vulnerability-management/defender-vulnerability-management) |
+
+##### Retain 100% of security logs for at least two years and make six months of appropriate logs available to customers
+
+| **Training** |
+|-------------------------|
+| [Manage audit log retention policies](https://learn.microsoft.com/en-us/purview/audit-log-retention-policies?tabs=microsoft-purview-portal#default-audit-log-retention-policy) |
+| [Audit in Microsoft Purview](https://learn.microsoft.com/en-us/training/modules/describe-purview-risk-compliance-governance/2-describe-audit) |
+
+##### Automatically detect and respond to anomalous access, behaviors, and configurations across 100% of production infrastructure and services
+
+| **Training** |
+|-------------------------|
+| [Threat protection with Microsoft Defender XDR](https://learn.microsoft.com/en-us/training/modules/describe-threat-protection-with-microsoft-365-defender/) |
+| [Embedded experiences of Microsoft Copilot for Security](https://learn.microsoft.com/en-us/training/modules/security-copilot-embedded-experiences/) |
+
+#### [Back to Table of Contents](/PartnerResources/skilling/microsoft-security-academy/sfi#table-of-contents)
+
+
+<div>&nbsp;</div>
+
+___
+
+
+### Accelerate response and remediation
+
+##### Reduce the Time to Mitigate for high-severity cloud security vulnerabilities with accelerated response
+
+| **Training** |
+|-------------------------|
+| [Manage and respond to security alerts](https://learn.microsoft.com/en-us/azure/defender-for-cloud/managing-and-responding-alerts) |
+| [Automate remediation responses](https://learn.microsoft.com/en-us/azure/defender-for-cloud/workflow-automation) |
+| [View and remediate findings from vulnerability assessments on your VMs](https://learn.microsoft.com/en-us/azure/defender-for-cloud/remediate-vulnerability-findings-vm) |
+| [Security Control: Incident response](https://learn.microsoft.com/en-us/security/benchmark/azure/mcsb-incident-response) |
+| [Ingest Microsoft Defender for Cloud alerts to Microsoft Sentinel](https://learn.microsoft.com/en-us/azure/sentinel/connect-defender-for-cloud) |
+| [Embedded experiences of Microsoft Copilot for Security](https://learn.microsoft.com/en-us/training/modules/security-copilot-embedded-experiences/) |
+
+##### Increase transparency through the adoption and release of Common Weakness Enumeration™ (CWE™), and Common Platform Enumeration™ (CPE™)
+
+| **Training** |
+|-------------------------|
+| [Enable vulnerability scanning with Microsoft Defender Vulnerability Management](https://learn.microsoft.com/en-us/azure/defender-for-cloud/deploy-vulnerability-assessment-defender-vulnerability-management) |
+| [Automatically configure vulnerability assessment for your machines](https://learn.microsoft.com/en-us/azure/defender-for-cloud/auto-deploy-vulnerability-assessment) |
+| [Security alerts -- Reference Guide](https://learn.microsoft.com/en-us/azure/defender-for-cloud/alerts-reference) |
+| [Track and respond to emerging threats through threat analytics](https://learn.microsoft.com/en-us/defender-endpoint/threat-analytics) |
+
+##### Improve the accuracy, effectiveness, transparency, and velocity of public messaging and customer engagement
+
+| **Training** |
+|-------------------------|
+| [Secure score in Microsoft Defender for Cloud](https://learn.microsoft.com/en-us/azure/defender-for-cloud/secure-score-security-controls) |
+| [Improve regulatory compliance](https://learn.microsoft.com/en-us/azure/defender-for-cloud/regulatory-compliance-dashboard) |
+| [Automate remediation responses](https://learn.microsoft.com/en-us/azure/defender-for-cloud/workflow-automation) |
+| [Set up continuous export in the Azure portal](https://learn.microsoft.com/en-us/azure/defender-for-cloud/continuous-export) |
+
+#### [Back to Table of Contents](/PartnerResources/skilling/microsoft-security-academy/sfi#table-of-contents)
+
+
+<div>&nbsp;</div>
+
+___
diff --git a/_docs/Skilling/Security Academy/index.md b/_docs/Skilling/Security Academy/index.md
@@ -2,7 +2,7 @@
 layout: page
 title: Microsoft Security Academy
 description: Microsoft Security Academy
-updated: 2024-09-27
+updated: 2024-09-30
 permalink: /skilling/microsoft-security-academy
 redirect_from:
   - /skilling/microsoft-security-academy/
@@ -47,6 +47,7 @@ showbreadcrumb: true
                         <li><a href="/PartnerResources/skilling/microsoft-security-academy/specializations">Security Specializations</a></li>
                         <li><a href="/PartnerResources/skilling/microsoft-security-academy/certifications">Security Certifications</a></li>
                         <li><a href="/PartnerResources/skilling/microsoft-security-academy/programs">Partner Programs</a></li>
+                        <li><a href="/PartnerResources/skilling/microsoft-security-academy/sfi">Secure Future Initiative</a></li>
                         <li><a href="/PartnerResources/skilling/microsoft-security-academy/microsoft-copilot-for-security">Copilot for Security Technical Journey & Resources</a></li>
                         <li><a href="/PartnerResources/skilling/microsoft-security-academy/microsoft-copilot-for-security-qa">Copilot for Security Q&A</a></li>
                         <li><a href="/PartnerResources/security/microsoft-security-academy/microsoft-sentinel">Microsoft Sentinel Resources</a></li>
@@ -59,9 +60,9 @@ showbreadcrumb: true
 
 ___
 
-## September 27th, 2024 Update📰
+## September 30th, 2024 Update📰
 
-**Recent Update** (September 27th): **[Copilot for Security Technical Resources](/PartnerResources/skilling/microsoft-security-academy/microsoft-copilot-for-security)** |
+**Recent Update** (September 30th): **[Secure Future Initiative](/PartnerResources/skilling/microsoft-security-academy/sfi)** |
 
 Read about our progress improving our security culture, governance, standards, and principles from the **[newly released SFI Progress Report](https://www.microsoft.com/en-us/security/blog/2024/09/23/securing-our-future-september-2024-progress-update-on-microsofts-secure-future-initiative-sfi/).**
 

diff --git a/_includes/head.html b/_includes/head.html
@@ -7,7 +7,7 @@
 
     <META NAME="ROBOTS" CONTENT="INDEX, FOLLOW">
 
-    <!-- link rel="alternate" type="application/rss&#43;xml" href="/docs/index.xml" -->
+    <!-- link rel="alternate" type="application/rss+xml" href="/docs/index.xml" -->
 
     <title>{% if page.title %}{{ page.title }}{% else %}{{ site.title }}{% endif %}</title>
     <meta property="og:title" content="{% if page.title %}{{ page.title }}{% else %}{{ site.title }}{% endif %}" />
@@ -28,16 +28,18 @@
     <link rel="stylesheet" href="{{ site.baseurl }}/assets/css/uikit.min.css">
     <link rel="stylesheet" href="{{ site.baseurl }}/assets/css/gps.css">
 
+    <link rel="icon" href="https://th.bing.com/th/id/R.3d6a2ad56bc3403c5cfcc3efe09b741b?rik=gnNKMMZSvZ3uMA&riu=http%3a%2f%2fpurepng.com%2fpublic%2fuploads%2flarge%2fpurepng.com-microsoft-logo-iconlogobrand-logoiconslogos-251519939091wmudn.png&ehk=1%2fl4i5MeDLTCpvZhUZlCefvhSzsGR16HIPqagpDxYDg%3d&risl=&pid=ImgRaw&r=0" type="image/png">
+
     <script
       src="{{ site.baseurl }}/assets/js/jquery-3.3.1/jquery-3.3.1.min.js"
       integrity="sha256-FgpCb/KJQlLNfOu91ta32o/NMZxltwRo8QtmkMRdAu8="
       crossorigin="anonymous"></script>
 
-        <script type="text/javascript">
+    <script type="text/javascript">
     (function(c,l,a,r,i,t,y){
         c[a]=c[a]||function(){(c[a].q=c[a].q||[]).push(arguments)};
         t=l.createElement(r);t.async=1;t.src="https://www.clarity.ms/tag/"+i;
-        y=l.getElementsByTagName(r)[0];y.parentNode.insertBefore(t,y);
+        y=l.getElementsByTagName(r);y.parentNode.insertBefore(t,y);
     })(window, document, "clarity", "script", "fcas1htcpk");
-</script>
-    </head>
+    </script>
+</head>