Microsoft’s Storm-2949 research shows how identity compromise can become a cloud-wide breach across Microsoft 365, Azure resources, Key Vault secrets, storage, SQL databases and virtual machines. This article explains why identity recovery must restore a known-good control state, not just access.