
Is no one doing security QA there? This seems to me like someone thought "the isolation is going to be enforced by networking" and then no one validated it by just running nmap or something.

Finding this should have been trivial for MS. And further, why would you only have one mechanism for tenancy enforcement? Networking is a fine boundary, but there should have been a token as well.




> And further, why would you only have one mechanism for tenancy enforcement? Networking is a fine boundary, but there should have been a token as well.

Honestly, this bug, and this comment on the recent ChaosDB bug, https://news.ycombinator.com/item?id=29296170, make me think that Azure just doesn't know how to do tenant segregation securely. These types of bugs, where some small flaw allows complete takeover of other accounts (or worse, complete takeover of the whole service), are pretty catastrophic.


Yeah, MS seems to be like every other large corp in this case. Too big to handle for one security team. So you end up with some parts of it that got security down, but all those < V3 services? They seem to be written by 3rd-world contractors who code-review via Stack Overflow.


There is no QA of any kind, other than customers complaining.

Totally broken features are regularly shipped and stay broken.

A random example: Application Gateway shows 5 metrics if you open one in the Portal on the first page. Two of those metrics aggregate a rate (Mbps) using sum instead of avg.

40% of their front-and-center graphs show gibberish, and that’s been like that for probably years.

No one tested any of this. Not a security person, not a UX person, or any manager.

PS: Take a look at the cipher suites offered by App Gateway and its TLS defaults. Note the current year. Now consider that this is their security product with Web Application Firewall functionality!

Would you trust their WAF to keep you safe? Or just tick a checkbox that some auditor says needs ticking?


I’m surprised a feature like this didn’t require a detailed threat model with an explanation of mitigations before launch. I don’t think this “authentication” method would’ve passed muster.


Me too. We have a multi-tenant system and we did threat modeling, immediately calling out that, while we had network restrictions, we should assume those will fail, and we'll add mTLS and an out-of-band token.

That took almost no time or effort to realize.
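The layered check the two comments above argue for (a network boundary plus an independent token bound to one tenant), as an added Python example; this is not code from the thread or from any Azure service. The token format, signing key, tenant ids and trusted address range are all constructed for the demo.

```python
# Added example: tenancy enforcement that does not rely on the network boundary alone.
# Every name and value here is constructed for illustration.
import base64
import hashlib
import hmac
import ipaddress
import json
import time
from typing import Optional

SIGNING_KEY = b"constructed-demo-key"            # constructed; keep a real key in a KMS/HSM
TRUSTED_NET = ipaddress.ip_network("10.0.0.0/8")  # the "networking is the boundary" layer


def issue_token(tenant_id: str, ttl_s: int = 300) -> str:
    """Mint an HMAC-SHA256 signed token bound to exactly one tenant (demo format)."""
    body = json.dumps({"tenant": tenant_id, "exp": int(time.time()) + ttl_s}).encode()
    sig = hmac.new(SIGNING_KEY, body, hashlib.sha256).digest()
    return base64.urlsafe_b64encode(body).decode() + "." + base64.urlsafe_b64encode(sig).decode()


def verify_token(token: str) -> Optional[dict]:
    """Return the claims if the signature and expiry check out, otherwise None."""
    try:
        b64_body, b64_sig = token.split(".", 1)
        body = base64.urlsafe_b64decode(b64_body)
        sig = base64.urlsafe_b64decode(b64_sig)
    except (ValueError, TypeError):
        return None
    expected = hmac.new(SIGNING_KEY, body, hashlib.sha256).digest()
    if not hmac.compare_digest(sig, expected):   # constant-time comparison
        return None
    claims = json.loads(body)
    if claims.get("exp", 0) < time.time():
        return None
    return claims


def authorize(src_ip: str, token: str, resource_tenant: str) -> bool:
    """Layer 1: source must be inside the trusted network.
    Layer 2: token must be valid AND bound to the tenant that owns the resource.
    A caller that gets past layer 1 still cannot reach another tenant's data."""
    if ipaddress.ip_address(src_ip) not in TRUSTED_NET:
        return False
    claims = verify_token(token)
    if claims is None:
        return False
    return hmac.compare_digest(str(claims.get("tenant", "")), resource_tenant)
```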
