"A lot of the way it [the role] has changed is in the face of ever-increasing complexity and impact," says Rob Lefferts, corporate vice president for Microsoft 365 Security in Security and Compliance. Microsoft faced this precise challenge a few months ago, following the major supply chain attack that initially targeted SolarWinds and distributed a backdoor Trojan to some 18,000 organizations via infected software updates. Microsoft was one of thousands affected by the tainted updates; using their access, the attackers were able to view some of its source code. The company took steps to remediate the internal accounts that were used to view source code "in a number of code repositories." While security experts pointed out that this access could make some steps easier for attackers, Microsoft maintained that there was no increase in risk. The company has since reported there is no evidence that attackers gained extensive access to services or user data.