The software giant found no evidence that attackers gained extensive access to services or customer data.