Microsoft has released new guidance for organizations on how to protect against persistent nation-state attacks like the one disclosed a few days ago that infiltrated its own corporate email system.

A key focus of the guidance is on what organizations can do to protect against threat actors using malicious OAuth apps to hide their activity and maintain access to applications, despite efforts to boot them out.

The attack on Microsoft by Midnight Blizzard aka Cozy Bear — a threat group affiliated with Russia’s Foreign Intelligence Service (SVR) — resulted in the compromise of email accounts belonging to several Microsoft employees, including senior leadership.