This is the Trace Id: 3d9c39addc5d9d93e503152e045a64e6
Security Engineering Portal

Security Engineering Portal

Discover the security engineering practices used at Microsoft to build and operate highly secure apps and services.

Overview

In today’s complex and regulated environment, organizations need to focus on building more secure solutions that deliver value to their customers, partners, and shareholders. Through the Security Engineering Portal, we’re sharing what we’ve learned through our decades of experience implementing and continuously improving security-aware software development, operational management, and threat-mitigation practices that are essential to the strong protection of services and data.

Explore the following development guidance, models, and tools to get started.

Security Development Lifecycle (SDL)

Learn about the Microsoft SDL and how you can use to develop more secure software.

Learn more

Operational Security

Establish a scalable process for improving operational security in cloud-based infrastructure.

Learn more

OSS Secure Supply Chain

Learn about how to securely consume open source through the OSS Secure Supply Chain Framework and protect your developers from OSS supply chain threats.

Learn more
Cybersecurity Teams

Cybersecurity Teams

Learn how Microsoft has invested in multiple cybersecurity teams and related facilities to address threats to our customers and our technology ecosystem.

Learn more

Microsoft also has specialized groups and teams to provide intensive focus on specific security issues, including:

  •  The Microsoft Digital Crimes Unit, which brings together experts who are dedicated to disrupting cybercrime threats such as botnet-driven internet attacks and online child sexual exploitation. 
  •  The Government Security Program, provides qualified participants with confidential security information they need to trust Microsoft’s products and services.
  •  The Microsoft Security Response Center, led by some of the world’s most experienced security experts, which delivers a worldwide security response, collaborates with the security community to help improve customer security, advances innovation in the security landscape, provides authoritative security guidance, and publishes the semi-annual Security Intelligence Report. 
  •  The Windows Defender Security Intelligence Center, which is the antimalware research-and-response organization within Microsoft that protects computer systems from malicious software attacks. The center continuously monitors millions of computers worldwide, gathering and analyzing threat data. With help from researchers around the world, it can identify and mitigate new threats within hours of their discovery.