Recent findings from the US Department of Homeland Security's Cyber Safety Review Board revealed a cyber attack on Microsoft by Storm-0558, a threat actor group. Additionally, Microsoft has faced persistent attacks from another group, Midnight Blizzard.
Secure by default: Security protections are enabled and enforced by default, require no extra effort, and are not optional. Ensure 100% of user accounts are protected with securely managed, phishing-resistant multifactor authentication. Protect 100% of Microsoft, acquired, and employee-created tenants, commerce accounts, and tenant resources to the security best practice baselines. Eliminate 100% of identity lateral movement pivots between tenants, environments, and clouds. Ensure only secure, managed, healthy devices will be granted access to Microsoft tenants. Protect Microsoft production networks and implement network isolation of Microsoft and customer resources.
100% of access to source code and engineering systems infrastructure is secured through Zero Trust and least-privilege access policies.