
Microsoft Pledges to Make Security a 'Top Priority' After Recent Hacks

Two high-profile breaches at the company prompt Microsoft to overhaul its approach to security, including compensating executives who meet their security goals.

By Michael Kan, Principal Reporter


Microsoft’s reputation on cybersecurity has taken a beating in recent months after Chinese and then Russian hackers breached the company’s systems. In response, Redmond says it’s "making security our top priority at Microsoft, above all else—over all other features."

The statement comes from Microsoft EVP for Security Charlie Bell, who outlined the company’s plan to overhaul its approach to security on Friday. “Microsoft plays a central role in the world’s digital ecosystem, and this comes with a critical responsibility to earn and maintain trust. We must and will do more,” he wrote.

Trust in Microsoft’s security took a dive back in July when a suspected Chinese hacking group breached the company’s Outlook systems to steal emails from 25 organizations, including US government groups. Last month, the US Cybersecurity and Infrastructure Security Agency (CISA) released a report blaming Microsoft’s “corporate culture that deprioritized enterprise security investments” for the intrusions, which were found to be entirely preventable. 

The software giant then suffered another security black eye in January when Microsoft disclosed that a Russian state-sponsored hacking group had stolen emails from the company’s corporate teams. This allowed the hacking group to access source code repositories at Redmond and potentially hack into US federal agencies.

The security setbacks have led lawmakers to accuse Microsoft—which provides software services to the US government and various businesses—of being 'negligent' on cybersecurity. To win back trust, the company promises to bake in security across all Microsoft products and services, and even reward executives based on implementing the cybersecurity plans. 

“We will instill accountability by basing part of the compensation of the company’s Senior Leadership Team on our progress in meeting our security plans and milestones,” Bell wrote in Friday’s announcement.  

The overhaul also means Microsoft will prioritize security first “when designing any product or service.” In addition, the company will enable and enforce security protections by default, requiring no extra effort from the user. 

The company is already making headway by implementing multi-factor authentication as a default “across more than one million Microsoft Entra ID tenants within Microsoft, including tenants for development, testing, demos, and production,” Bell said. Another 730,000 apps were removed from Microsoft's internal systems for failing to meet security standards.  

The other significant announcement is that Microsoft plans to implement the recommendations that CISA released after July’s Outlook hack. “Ultimately, Microsoft runs on trust and this trust must be earned and maintained,” Bell added.
