In the shared responsibility model in which we operate for cloud services, there's a security responsibility for both the cloud provider and for the actual end-user or the customer. In a case where we see attacks against identities, meaning that people are trying to access someone's username—their login and password, so to speak—certainly we've seen Russian actors use password spray and other types of techniques, including phishing, to gain access to those accounts.
We work with those customers to be able to notify them of suspicious activity when we see attempts to compromise those particular accounts or if we do have intelligence to detect that they have been compromised.