Microsoft announces improvements to durability and security in response to the worldwide IT disruption in July.
In a significant move aimed at enhancing the security and resilience of the Windows ecosystem, Microsoft has announced the Windows Resiliency Initiative (WRI). David Weston, VP of enterprise and OS security at Microsoft, revealed the initiative in a blog post.
The WRI is a comprehensive effort designed to prevent, manage, and recover from security and reliability incidents, ensuring seamless operations across the Windows platform. The initiative emphasizes ecosystem collaboration, actionable guidance, and product innovation to help organizations build resilience.
A key feature of the WRI involves moving third-party security software out of the kernel to prevent single-point failures. This change allows antivirus and endpoint protection solutions to run in user mode, similar to regular applications. Microsoft is also developing a new Windows endpoint security platform, part of WRI, to enable security partners to build solutions that operate outside the kernel.
The Windows endpoint security platform is set to enter a private preview in July 2025 for select Microsoft Virus Initiative (MVI) partners, including prominent security vendors like CrowdStrike, Bitdefender, ESET, SentinelOne, Sophos, Trellix, Trend Micro, and WithSecure. Following the private preview, feedback from partners will help shape the platform before broader releases.
The WRI is a response to a global IT outage linked to a faulty CrowdStrike software update in July, which resulted in massive customer disruptions at airlines, hospitals, emergency services, and financial institutions. Microsoft also announced the Secure Future Initiative (SFI) in November 2023 following a state-linked attack against Microsoft Exchange Online, which led to the exfiltration of 60,000 emails from the U.S. State Department and other sensitive accounts.
In addition to these technical advancements, Microsoft is also focusing on improving its internal governance and security culture as part of its SFI efforts. Employees are being held accountable for incorporating security concerns into the product development process. Microsoft is adopting safer programming languages, moving away from C++ to Rust, and enabling new capabilities for developers to allow the development of security products outside of kernel mode.
The company will use safe deployment practices with endpoint security partners to make sure security upgrades are gradual and monitored. The U.S. Cyber Safety Review Board has blasted Microsoft for prioritizing speed to market and feature sets over security, and Microsoft is taking steps to address these concerns.
The goal of the Windows Resiliency Initiative is to advance Microsoft's prior efforts to overhaul its security culture. Microsoft has held a summit with security partners from the U.S. and Europe to work on efforts to boost resilience. The service will be available to the Windows Insider Program community starting in early 2025.
- Endpoint security and cybersecurity are crucial components of the WRI, a Microsoft initiative intended to enhance the security and resilience of the Windows ecosystem.
- Ecosystem collaboration, actionable guidance, and product innovation are central to the WRI, aimed at helping organizations build resilience.
- To prevent single-point failures, the WRI moves third-party security software out of the kernel, allowing antivirus and endpoint protection solutions to run like regular applications in user mode.
- Microsoft is developing a new Windows endpoint security platform, part of WRI, which will allow security partners, including notable vendors in the cybersecurity industry like CrowdStrike, Bitdefender, ESET, SentinelOne, Sophos, Trellix, Trend Micro, and WithSecure, to create solutions that operate outside the kernel.
- The Windows endpoint security platform will enter a private preview in July 2025, with the feedback from the select Microsoft Virus Initiative (MVI) partners helping shape the platform before broader releases.
- The WRI was prompted by the global IT outage caused by a faulty CrowdStrike software update and the state-linked attack against Microsoft Exchange Online.
- Additional components of the WRI include Microsoft's efforts to improve its internal governance and security culture, adopting safer programming languages, encouraging security concerns in the product development process, and implementing safe deployment practices with endpoint security partners.