Microsoft to overhaul internal security practices after Midnight Blizzard attack

Microsoft to overhaul internal security practices after Midnight Blizzard attack

After Microsoft disclosed a state-sponsored actor stole data from executives, experts are raising questions about its security capabilities.

Published on 23rd January 2024

In Brief


Security researchers and other analysts say the attack raises serious questions about the security of Microsoft products and whether the company is employing the same practices internally that it demands of customers.

Beginning in late November, the attackers used a password-spray attack to gain access to Microsoft’s environment. The attacks were not discovered until Jan. 12, and Microsoft said the attackers were seeking to find out what information Microsoft had on Midnight Blizzard.

Adam Meyers, SVP of counter adversary operations at CrowdStrike, noted that Microsoft has been the subject of serious attacks involving its cloud environment in recent years. This includes last year’s hack involving thousands of emails at the U.S. State Department and the Department of Commerce.

“I can tell you as somebody who works at a security company, our executives do not reside on legacy tenants with no multifactor authentication,” Meyers said.

Microsoft, in a blog post on Friday, admitted that it needs to rapidly update its internal security practices after it announced the Secure Future Initiative in November.

“We will act immediately to apply our current security standards to Microsoft-owned legacy systems and internal business processes, even when these changes might cause disruption to existing business practices,” the company said in the blog post.


The latest updates straight to your inbox

We just need a few details to get you subscribed

Health Checks

Inventory & Compliance

Cloud Readiness & Optimisation

Agreement & Audit Support


Looking for something specific?

Let's see what we can find - just type in what you're after

Wait! Before you go

Have you signed up to our newsletter yet?

It’s chock full of useful advice, exclusive events and interesting articles. Don’t miss out!

Cookie Notice

Our website uses cookies to ensure you have the best experience while you're here.