Organizations should disable Basic Auth in Microsoft 365, block the IP addresses listed in the report, enable CAPs to restrict login attempts and use MFA on all accounts.