Earlier this year, Microsoft revealed that a Russia-based cybercriminal group labeled as Midnight Blizzard got access to the email accounts of its top executives in late 2023. Today, the company has confirmed that it is informing more of its customers that emails sent to those executives were seen by that hacker group.
The Russian security breach, combined with an earlier one in 2023 by Chinese hackers who accessed Outlook-based government email accounts in the US and Europe, has been a major embarrassment to Microsoft.
Obviously the only solution is to disable local accounts and force people to upload their sensitive documents to one drive.