Microsoft’s director of identity security is urging customers to do some security house cleaning: deploy multi factor authentication and tighten up permissions on user and vendor accounts.