Understand Microsoft Online Services security development and operation

Privacy Manager
Risk Practitioner
Microsoft 365

Learn how Microsoft Online Services follows Microsoft’s Security Development Lifecycle (SDL) to build security and privacy into our products and services.

Learning objectives

Upon completion of this module, you should be able to:

  • List the phases of Microsoft’s SDL process.
  • Describe the training requirements for all members of Microsoft development teams.
  • Explain how Microsoft development teams practice security and privacy by design.
  • List the automated tools Microsoft uses to find and remediate software vulnerabilities.
  • Explain how Microsoft enforces and tests operational security requirements using ongoing penetration testing.
  • Describe security and privacy review requirements for code approval and release.
  • Explain how Microsoft uses Component Governance (CG) to manage open source software.