Learn how security and privacy reviews support secure deployment

After any vulnerabilities discovered during security testing have been remediated, new builds undergo final security and privacy reviews before they can be approved for release. Security and privacy reviews validate that the design of service components and features is working as intended prior to release. For new services, security reviews also ensure the service has been onboarded to our incident management systems to enable 24/7 security monitoring and incident response by Microsoft's security response teams.

Microsoft Online Services utilize centralized tools to ensure all security and privacy requirements are met. These tools help us track which services, platforms, features, and models need security and privacy reviews. They also guide developers through meeting SDL requirements at each stage of the SDL process.

Security and privacy reviews constitute a final check to ensure all requirements have been met prior to approval for release. Tasks are created for each requirement, and completion of each task is verified by both a security manager and a privacy manager. Some examples of these tasks include:

  • Verifying any security exceptions discovered in testing have been resolved
  • Verifying appropriate use of encryption
  • Verifying onboarding to security monitoring and incident response systems
  • Verifying privacy tasks have been completed