This is part of a series of blogs and interviews conducted with our Microsoft Deputy CISOs, in which we surface a number of mission-critical security recommendations and best practices that businesses can enact right now and derive real meaningful benefits from. In this article, Ilya Grebnov, Deputy CISO for Microsoft Dynamics 365 and Power Platform at Microsoft dives into cyberattacks of opportun...
This piece presents a compelling case for structural security reforms, but it’s worth examining the assumptions and incentives behind Microsoft’s advocacy. The strongest version of the argument is that credential elimination and platform engineering are force multipliers for defense, reducing attack surfaces and operational friction. Microsoft’s own implementation—standardizing "core services" to propagate security updates across 450+ services—demonstrates scalability benefits. However, the narr...