A random selection of serious security incidents from Azure:

just from Wiz from the past 2-3 years, and of course they aren't the only ones:

https://www.wiz.io/blog/secret-agent-exposes-azure-customers...

https://www.wiz.io/blog/storm-0558-compromised-microsoft-key...

https://www.wiz.io/blog/azure-active-directory-bing-misconfi...

https://www.wiz.io/blog/omigod-critical-vulnerabilities-in-o...

https://www.wiz.io/blog/chaosdb-explained-azures-cosmos-db-v...

Of course Microsoft AI researchers sucking at security: https://www.wiz.io/blog/38-terabytes-of-private-data-acciden...

Nice overview from Corey Quinn that predates some of those but things were already horrifically bad: https://www.lastweekinaws.com/blog/azures-terrible-security-...

Go and look for similar things for AWS and GCP, and there's nothing on this level (cross-tenant, trivial to exploit).

Oh and there's also this, them selling your usage patterns to partners (hopefully they've stopped): https://twitter.com/QuinnyPig/status/1359769481539506180

Oh and another one where they bungled the response: https://twitter.com/QuinnyPig/status/1536868170815795200

I find it impossible to believe that Azure as a whole organisation takes security seriously. There might be individuals that do, but definitely nobody with decision making power. Half of the above described exploits are trivial and should have never passed any sort of competent review process.

Talking with people in the MSFT camp is like talking with people in a cult. I'm not being melodramatic.

Pointing out these issues is good, but to them, they'll just shrug it off.

And businesses will keep giving them money. Madness.