The attack on Stryker used Microsoft InTune to remote-wipe all of Stryker's systems. If you can wipe a system, could you also drop code on it exfiltrate data and credentials?

[0] https://news.ycombinator.com/item?id=47346091