The U.S. Cyber Safety Review Board’s (CSRB’s) recent post-mortem look at a 2023 cyber incident concluded that Microsoft’s “cascade of security failures” let Chinese hackers spy on U.S. government email accounts. The CSRB urged Microsoft to deprioritize development of new features to make “rapid and substantial” improvements to its security culture. The report includes 21 recommendations, including calls to improve cloud-system authentication processes and to give customers more access to security logs, for which Microsoft currently charges companies separately from its core services. This article, with insights from Cloud Security Alliance, CrowdStrike, Dinsmore & Shohl, Netskope and Reed Smith, identifies key takeaways from the report and addresses how companies can improve their cloud security. See “Checklist Covering CSRB Recommendations on Five Areas for Strengthening Cyber Defenses” (Mar. 27, 2024).