As we move further into an age of advanced technology, generative AI, and agentic platforms, the development of more robust cybersecurity systems is paramount. With more connection, intelligence, and innovation comes a larger risk of cybersecurity threats, which is something that every company wants to prevent.
Microsoft is one of the companies that have recognized this growing trend of risks, which is why they’re rolling out the Secure Future Initiative (SFI). This will hopefully provide a more updated, targeted, and sophisticated protection for the IT giant, but it will have knock-on effects, especially for the impending Salesforce Outlook Integration.
What Is the Secure Future Initiative?
Microsoft’s Secure Future Initiative (SFI) is a new cybersecurity initiative launched in response to the increasing speed, scale, and sophistication of cyberattacks. This initiative comes at a crucial time. In 2024, it’s estimated that someone falls victim to a cyberattack roughly once every 11 seconds, and almost six in ten businesses have been hit by ransomware in the past year.
The initiative focuses on three key areas, or “pillars”:
1. AI-Based Cyber Defenses
The first pillar is focused on transforming the way Microsoft develops software with automation and AI, strengthening identity protection against highly sophisticated attacks, and pushing the envelope in vulnerability response and security updates for its cloud platforms.
Microsoft says that they are dedicated to building an “AI-based cyber shield” that will protect both customers and countries globally and that their global network of AI-based data centers and use of advanced foundation AI models will put “AI to work” in the world of cybersecurity.
The work will start with the advancement of Microsoft’s Threat Analysis Center (MTAC) with the help of AI-assisted data retrieval and usage to identify and analyze cybersecurity threats. AI will also be used in automation and acceleration efforts in order to tackle the overwhelming volume of data generated daily versus the shortage of cybersecurity professionals.
2. New Engineering Advances
The “New Engineering Advances” pillar of Microsoft’s SFI focuses on revolutionizing the company’s software engineering practices to embed security more deeply into its products and services.
This pillar acknowledges that simply adding security features on top of existing software is insufficient to address the evolving threat landscape. Instead, a fundamental shift in how software is designed, built, tested, and operated is required.
They also plan to leverage AI for secure code analysis, to automatically analyze code for security vulnerabilities during development, allowing for early detection and remediation of potential weaknesses. A key sub-arm of this is the connection between Microsoft and AI assistants like GitHub Copilot, which the company aims to leverage for automated security auditing and testing.
3. Stronger Application of Technical Norms
The final pillar of this initiative is titled the “Stronger Application of Technical Norms”, and has a keen focus on international cooperation and the establishment of clear norms in cyberspace to enhance global cybersecurity.
This pillar acknowledges that technological advancements and engineering improvements alone are not sufficient enough to address the complex challenges posed by nation-state actors and cybercriminals operating across international borders.
Taking inspiration from the Geneva Conventions, part of the driving force behind this pillar is a push for a stronger and more unified global stance against cyberattacks targeting civilians and critical infrastructure.
Brad Smith, the Vice Chair and President of Microsoft, emphasizes that guardrails need to be clearly defined and that both companies and countries must know where they stand.
“First, we need to stand together more broadly and publicly to endorse and reinforce the key norms that provide the red lines no government should cross.” Brad Smith, Vice Chair and President, Microsoft
By holding nations accountable for their actions in cyberspace, the international community can create a deterrent effect, discouraging future violations and promoting responsible behavior.
What Does This Mean for Outlook?
Microsoft has announced that the roll-out of this new initiative will affect the Salesforce Outlook integration set to take place in the coming months. As part of the SFI, Microsoft will be deprecating legacy features which will have a knock-on effect. They have put together a set of steps that will need to be executed for continuous, uninterrupted access, the details of which can be found here.
The following actions should be taken before Exchange Online tokens are turned off in the tenant:
The first action (which is required) is to verify that M365 is not configured with policies that will prevent the Outlook integration from working after Exchange Online tokens are turned off in the tenant. Please note that failure to do so could prevent all users from accessing the Outlook integration.
The following scopes are required in order for the Salesforce Outlook integration to function:
- Calendars.ReadWrite.Shared
- Mail.ReadWrite.Shared
- offline_access
- openid
- profile
- User.Read
For example, if Calendars.ReadWrite.Shared is unavailable to all integrations, the Salesforce Outlook integration will not function.
The second action will roll out once Microsoft has developed the Admin Consent Flow which will automate the scope authorization process for all users in an account’s tenant so that individual users do not have to manually authorize the integration after Microsoft rolls out changes. It is recommended that involved individuals keep an eye on the Knowledge Base page for more updates as they come.
Customers can also proactively test in advance of the deadlines. To test this, customers can take the following actions before changes are rolled out:
- Authorize the Salesforce Outlook integration for users in the tenant using the Admin Consent Flow.
- Manually turn off Exchange Online tokens. Microsoft will be adding this capability in October 2024. Latest timeline and updates can be found in the Microsoft FAQ here.
- Launch the Outlook integration, verify the Microsoft authorization and Salesforce authentication flow, then verify users can access the application as expected.
Note: Salesforce admins will not have the required permissions/access to make these changes. M365 admins must execute these steps before Exchange Online tokens are turned off in the tenant. Failure to do so could prevent users from being able to access the Salesforce Outlook integration.
Additionally, whilst it’s recommended that customers work on implementing these changes immediately, any questions related to the exact timing for the milestones outlined should be directed to M365 admins.
Summary
Microsoft’s SFI initiative is a bold and well-timed move for the tech-space leader, and will hopefully cement not only its future and power in the market but also pave the way for other companies to follow suit.
It is important to see how these changes will affect any involvement you or your org have in the Salesforce Outlook integration, so be sure to check you’re prepared for the phasing out of legacy features before they happen.
Comments: