I think this is a pretty big leap to conclusions. Some guy on Mastdon doesn’t know what Microsoft’s security team knows about the breach.
It’s irresponsible to make broad claims like this, that everything in Microsoft’s cloud has to be replaced to mitigate the breach. That doesn’t pass the sniff test.
I get that Microsoft has a vested interest in mitigating the PR aspect of it, but I doubt they’ve just done nothing to correct the issue.
if you follow all the links you'll find out that the keys stolen gave the hackers (probably the Chinese state) access to all managed MS applications for all customers; and enabled faking having an organizational account for arbitrary MS customers.
This essentially makes all key western companies and public orgs, hosted on azure, probable targets. It's highly unlikely that they only stole state dept. emails, when they had access to banks, finical orgs, etc.
Indeed, their very ability to steal emails from the US state dept! makes it likely a breach at other less protected vital biz/orgs occured.
The whole of the azure cloud, and esp. the whole of managed MS apps at major institutions was compromised for at least a year. This is apocalyptic.
It’s irresponsible to make broad claims like this, that everything in Microsoft’s cloud has to be replaced to mitigate the breach. That doesn’t pass the sniff test.
I get that Microsoft has a vested interest in mitigating the PR aspect of it, but I doubt they’ve just done nothing to correct the issue.