A password-spraying attack successfully breached Microsoft 365 accounts The hackers abused improperly configured conditional access policies to bypass MFA Many organizations targeted had no MFA implemented Hackers have used previously leaked credentials to target Microsoft…