Starting in October, Microsoft will enforce multi-factor authentication (MFA) for all Azure resource management actions to protect Azure clients from unauthorized access attempts.

Microsoft says Storm-0501 is exploiting Entra ID and Azure to escalate privileges, implant backdoors, exfiltrate and destroy data, and extort victims.