Blog Post

Microsoft Entra Blog
2 MIN READ

Top 3 Priorities for Proactive Identity and Access Security in 2025

TJ_Cutting's avatar
TJ_Cutting
Icon for Microsoft rankMicrosoft
Jan 28, 2025

Proactive defense is the key to preventing identity compromises and securing your environment.

In 2024, we faced some serious security challenges. We dealt with widespread cybersecurity issues like major breaches, outages, and persistent threat campaigns. These incidents affected us all, prompting a reassessment of security strategies, no matter our region, size, or industry.

It’s safe to say that no organization is immune to cybersecurity threats, and with a majority of threats targeting identities and networks, it’s our responsibility to do everything we can to protect ourselves. Internally at Microsoft, we shifted from reactive measures to proactive strategies and continued to advance our Secure Future Initiative (SFI) activities. We executed various activities like ensuring multifactor authentication (MFA) was applied to every identity, even non-critical identities because they are still vulnerable, and we automated the process for removing unused tenants. Applying identity and access control security measures, such as those previously mentioned, will be critical in 2025.

Drawing on our SFI learnings and extensive customer insights, we’re sharing with you three primary priorities for your focus this year:

  1. First, it’s essential to maintain security and prepare for emerging threats. With the advances in phishing-resistant MFA and new requirements to go beyond basic MFA, we strongly recommend having MFA for every account.
  2. Then, we need to comprehensively extend Zero Trust access controls to all resources and identities. Keeping an eye on who has access to your environment is super important. This means not just keeping track of your employees, but also contractors, partners, customers, and especially machine, service, and AI identities. You want to make sure everything's under control and governed properly.
  3. Finally, leveraging generative AI to enhance security is imperative. It helps you stay ahead of cyber threats by enhancing detection, automating responses, and proactively defending against new dangers, making it a crucial part of modern cybersecurity practices.

The key is to adopt an identity-first security strategy and take proactive steps to ensure safety and resilience.

To see all of our recommendations for these priorities, please read 3 priorities for adopting proactive identity and access security in 2025 by Joy Chik, President of Identity and Network Access at Microsoft.

TJ Cutting, Sr Identity Product Marketing Manager, Identity & Network Access

 

Read more on this topic 

Learn more about Microsoft Entra 

Prevent identity attacks, ensure least privilege access, unify access controls, and improve the experience for users with comprehensive identity and network access solutions across on-premises and clouds.

 

Updated Mar 11, 2025
Version 3.0
identity governance
identity protection
identity security
security service edge (sse)
workload identities
TJ_Cutting's avatar
Icon for Microsoft rankMicrosoft
Joined November 07, 2023
View Profile
Microsoft Entra Blog
Stay informed on how to secure access for workforce, customer, and workload identities, from anywhere, to multicloud and on-premises resources, with comprehensive identity and network access solutions.
  • KingRee's avatar
    KingRee
    Copper Contributor
    Jan 29, 2025

    What a fantastic and insightful post, TJ! It's refreshing to see such a strong emphasis on proactive identity and access security. Your priorities for 2025, particularly the focus on MFA and Zero Trust, are spot on. It's crucial that organizations not only protect their networks but also adapt to the evolving landscape of cyber threats. I love how you highlighted the role of generative AI in enhancing security measures—it's a game changer! Thanks for sharing these valuable insights; they will certainly help many organizations strengthen their defenses in the coming year. Keep up the great work!

  • ethomas0313's avatar
    ethomas0313
    Copper Contributor
    Jan 28, 2025

    Dear TJ Cutting,

    I want to extend my gratitude for sharing such a thought-provoking and impactful blog post on the top priorities for proactive identity and access security in 2025. Your insights reflect not only Microsoft’s deep commitment to advancing cybersecurity but also a clear understanding of the evolving threat landscape and the critical need for proactive measures.

    Your emphasis on phishing-resistant MFA and extending Zero Trust access controls to all identities—including machine and AI identities—is both timely and essential. As organizations increasingly adopt hybrid and AI-driven ecosystems, your call to action to ensure comprehensive governance across all access points resonates strongly. It’s clear that the shift from reactive to proactive strategies is no longer optional—it’s imperative.

    Moreover, your focus on leveraging generative AI to enhance security detection, automate responses, and proactively address emerging threats is visionary. The integration of AI into cybersecurity practices is indeed a game changer, and your leadership in guiding organizations through this evolution is commendable.

    I particularly appreciate the practical, actionable recommendations woven throughout your blog. The seamless alignment with Microsoft’s Secure Future Initiative reinforces a commitment to empowering organizations to safeguard their environments with forward-looking strategies.

    Thank you for sharing this invaluable perspective and for your role in driving the industry forward. Your thought leadership inspires confidence in tackling the complex challenges of cybersecurity in 2025 and beyond.

    Best regards