Microsoft CEO Satya Nadella Business Insider/Julie Bort Microsoft CEO Satya Nadella is spending $1 billion a year to make Microsoft products more secure against hackers, malware and other threats, he told government IT workers in Washington on Tuesday.

This $1 billion annual budget includes acquisitions, hiring new execs, building a new state of the art facility and creating a new security group within Microsoft.

A few years ago, working for Microsoft Security was considered one of the worst jobs in all of tech. Microsoft's products were notoriously full of dangerous bugs, and Microsoft was considered difficult to work with when it came to patching them.

For instance, the infamous Stuxnet worm, an attempt allegedly by USA spy agencies, to take down Iran's nuclear facilities in 2010, apparently relied in part on bugs in Microsoft products, and Microsoft didn't fully fix the vulnerability until this year.

But over the past couple of years Microsoft has changed its attitude and its security, especially within Windows 10, Windows Server and Microsoft's cloud Azure.

Some former critics of Microsoft security applaud the change, such as Mikko Hypponen, a world renowned security expert at security company F-Secure.

“They’ve changed themselves from worst in class to the best in class,” Hypponen told the New York Times' Nick Wingfield. “The change is complete. They started taking security very seriously.”

Command center

To prove that point, Nadella on Tuesday launched a new, state-of-the-art facility called the Cyber Defense Operations Center where Microsoft will monitor security threats 24x7, tapping into thousands of security professionals, data scientists, engineers, developers and others as the need arises.

He also created a new group inside Microsoft called the Microsoft Enterprise Cybersecurity Group (ECG). It houses all of Microsoft security professionals, even if they are assigned to specific teams or products (cloud, Windows, Windows Server, etc.).

He also showcased all the new security products Microsoft has in the works, many of which were previously announced but not yet available, such as Lockbox for Office 365 (available Dec. 1). It allows companies to lock away their Office 365 files so that no one, not even a Microsoft cloud engineer, can access the stuff without the company's knowledge. The service may help Microsoft calm some customer fears over government snooping sparked by Edward Snowden's NSA revelations.

Plus, Nadella talked about Microsoft's security partnerships. For instance, Box, Adobe and SAP are baking in support for Microsoft Intune into their apps. Intune is Microsoft's device and app management service for protecting corporate data/devices. The idea is to prevent employees from sharing or losing sensitive Office 365 data, even if it's stored in Box, or Adobe's document cloud (a popular way to sign documents) or is created by a custom app via SAP's app-building tool Fiori.

Microsoft is also in beta tests for a new service called Azure Security Center, that taps into tech from partners like Checkpoint, Cisco, CloudFlare to add security layers to data stored in Azure.

That's not to say the whole world is treating Microsoft like a warm-and-fuzzy security hero. Google tangled with Microsoft earlier this year when its famous security guru found some holes in Microsoft products and felt Microsoft wasn't patching them fast enough.