Touting what it calls the “largest cybersecurity engineering project in history”
Microsoft is making progress on a broad cybersecurity initiative that was announced earlier this year following a high-profile hack of government email accounts that was traced to a Chinese threat actor.
In a blog post summarizing the Secure Future Initiative that was launched in November, Microsoft security chief Charlie Bell said five of the program’s 28 objectives are “near completion” and that 11 others have made “significant progress.” Among these achievements, Bell highlighted the completion of a project to put all Microsoft Account and Entra ID token-signing keys into hardware security modules or Azure confidential virtual machines and the hardening of the company’s software development kit to validate first-party identity tokens.
“We’ve applied new defense-in-depth protections in response to our Red Team research and assessments, migrated the MSA signing service to Azure confidential VMs, and are migrating Entra ID signing service to the same,” Bell said.
He noted that each of these improvements helps mitigate the attack vectors that Microsoft suspects the actor used in a Chinese APT attack on the company.
Microsoft has publicly blamed the incident on a crash dump stolen from a hacked engineer’s corporate account. The crash dump, which dated back to April 2021, contained a Microsoft account (MSA) consumer key that was used to forge tokens to break into OWA and Outlook.com accounts.
On the architecture side, Bell reported the purging of 6.3 million dormant Azure tenants to protect cloud tenants and isolate production systems.
Microsoft also reported the migration of 88 percent of active resources into Azure Resource Manager for tighter policy enforcement and the segmenting of 4.4 million managed identities so they can authenticate only from approved network locations.
The Secure Future Initiative was publicly rolled out in November 2023 with a promise to deliver faster cloud patches, better management of identity signing keys and a commitment to ship software with a higher default security bar.
Microsoft has itself faced intense criticism for its own approach to third-party vulnerability research of its cloud products and continues to struggle with faulty and incomplete patches and a surge in Windows zero-day attacks.