Here’s something alarming:
We, by which I mean I, want companies to take security seriously. But when we take a look at the recently launched Open Cloud Vulnerability & Security Issue Database, it’s clear that the severity and frequency of Azure exploits significantly outweighs those of its hyperscale competitors. These issues are across different products — meaning that it’s extremely unlikely that all of these security problems are the result of one disaster-prone engineer floating around the company.
This is classical Microsoft. I won’t hesitate to call it the next IBM. It’s all hype and marketing without substantial benefits. One may argue the veracity of claims herein, but Microsoft has just one trick pony- Office 365. The operating system and any other services are subpar. While there are other credible alternatives to “Office software”, I have no idea why enterprises are clued to paying for these services. OneDrive is a terrible alternative to Dropbox. Outlook for email is horrendous. Windows 11 is definitely an idiotic choice. I use and recommend Linux (Fedora/Ubuntu or Linux Mint).
We’ve seen multiple cases where Microsoft takes more than a month just to give a security researcher an initial response to many of these issues. There are weeks of back-and-forth from that point onward. In a few notable instances, the initial patch that Microsoft rolled out to Azure was either trivially bypass-able or didn’t even fix the problem. In the most recent cross-tenant issue (as of this writing!),, Palo Alto Networks’ Unit 42 reports that they reported FabricScape to Microsoft on January 30, 2022. Azure patched the problem on June 14, 2022.
Two words: Avoid Azure.