I find it impossible to believe that Azure as a whole organisation takes security seriously. There might be individuals that do, but definitely nobody with decision making power. Half of the above described exploits are trivial and should have never passed any sort of competent review process.
A random selection of serious security incidents from Azure:
just from Wiz from the past 2-3 years, and of course they aren't the only ones:
https://www.wiz.io/blog/secret-agent-exposes-azure-customers...
https://www.wiz.io/blog/storm-0558-compromised-microsoft-key...
https://www.wiz.io/blog/azure-active-directory-bing-misconfi...
https://www.wiz.io/blog/omigod-critical-vulnerabilities-in-o...
https://www.wiz.io/blog/chaosdb-explained-azures-cosmos-db-v...
Of course Microsoft AI researchers sucking at security: https://www.wiz.io/blog/38-terabytes-of-private-data-acciden...
Nice overview from Corey Quinn that predates some of those but things were already horrifically bad: https://www.lastweekinaws.com/blog/azures-terrible-security-...
Go and look for similar things for AWS and GCP, and there's nothing on this level (cross-tenant, trivial to exploit).
Oh and there's also this, them selling your usage patterns to partners (hopefully they've stopped): https://twitter.com/QuinnyPig/status/1359769481539506180
Oh and another one where they bungled the response: https://twitter.com/QuinnyPig/status/1536868170815795200
I find it impossible to believe that Azure as a whole organisation takes security seriously. There might be individuals that do, but definitely nobody with decision making power. Half of the above described exploits are trivial and should have never passed any sort of competent review process.