Microsoft counts some 300,000 devices, including PCs and servers; 56,000 employees; more than 3 million internal email messages per day; and 7 million remote connections per month, he said.
"When I have to roll out a patch, I worry about 300,000 machines," Markezich said.
Patch management is a major focus of Microsoft's network interior security efforts. "I deploy patches at the same time as customers do," he said.
Markezich gives employees 24 hours to apply emergency patches to systems themselves. After 24 hours, he applies the patches using Microsoft's SMS (Systems Management Service).
Microsoft uses IPSec segmentation, which restricts untrusted devices from accessing trusted devices, he said. The company uses smart cards for external access and is now piloting them for internal use, he added.
In its IT security program, Microsoft focuses on training employees about security policies, enforcing policies, optimizing processes such as patch management, and integrated technology, Markezich said.