The cloud computing skies have been somewhat stormy of late for Microsoft, which has found itself in the crosshairs of not only an attacker who abused authentication but also the firm Tenable, which pointed out that the cloud services giant has a general problem with authentication. A post by Microsoft and a write-up by Tenable both highlighted the issue of cloud authentication and illuminated some of its weaknesses.
In the Tenable post, Microsoft was taken to task for its lack of transparency in cloud security. As described by Tenable CEO Amit Yoran, the issue concerned “occurred as a result of insufficient access control to Azure Function hosts, which are launched as part of the creation and operation of custom connectors in Microsoft’s Power Platform (Power Apps, Power Automation).”
