BigHandLittleSlap t1_jed611o wrote on March 31, 2023 at 3:41 AM Reply to Huge Microsoft exploit allowed users to manipulate Bing search results and access Outlook email accounts by hillai Cross-posting my comment on this in the /r/programming thread about the vulnerability: https://www.reddit.com/r/programming/comments/126dwym/azure_active_directory_misconfiguration_exploited/jed00xe/ TL;DR: Microsoft disables audit logging by design precisely when it is the most needed (multi-tenant Enterprise Apps). Permalink 20
BigHandLittleSlap t1_jed611o wrote
Reply to Huge Microsoft exploit allowed users to manipulate Bing search results and access Outlook email accounts by hillai
Cross-posting my comment on this in the /r/programming thread about the vulnerability: https://www.reddit.com/r/programming/comments/126dwym/azure_active_directory_misconfiguration_exploited/jed00xe/
TL;DR: Microsoft disables audit logging by design precisely when it is the most needed (multi-tenant Enterprise Apps).