Earlier this month, Microsoft confirmed that they detected malicious executables in their environment that were downloaded during the SolarWinds Orion platform supply chain attack. Microsoft found no evidence that production services or customer data were breached, that forged SAML tokens were used against their domains, or that their systems were used to attack customers. However, their investigations discovered that the attackers could compromise internal Microsoft accounts, with one being used to view the source code for their software. Microsoft further stated that they do not practice security through obscurity and do not consider the viewing of source code as a security risk.
Source: https://www.bleepingcomputer.com/news/security/microsoft-solarwinds-hackers-accessed-our-source-code/