CISA’s emergency directive follows the January breach of Microsoft corporate email accounts by Russian state-sponsored cyber actor Midnight Blizzard.