[HN Gopher] Microsoft said it lost weeks of security logs for it...
___________________________________________________________________
Microsoft said it lost weeks of security logs for its customers'
cloud products
Author : alephnerd
Score : 279 points
Date : 2024-10-20 21:42 UTC (1 days ago)
(HTM) web link (techcrunch.com)
(TXT) w3m dump (techcrunch.com)
| kelsey98765431 wrote:
| I wonder which intelligence operation this supported...
| notimetorelax wrote:
| None, Microsoft's internal logging infrastructure is from the
| nineties.
| sofixa wrote:
| Same as their security infrastructure then.
| marcosdumay wrote:
| Whoever ran the Solar Winds infrastructure probably put
| some effort into hardening the MS infrastructure too.
| h4ck_th3_pl4n3t wrote:
| We call them APT -1 (Microsoft)
| ethbr1 wrote:
| >> _The affected products include Microsoft Entra, Sentinel,
| Defender for Cloud, and Purview, according to the Business
| Insider report._
|
| Oof. Entra (formerly Azure Active Directory) being impacted is
| rough. But who needs SSO logs?
| gonzo41 wrote:
| There was a time when we looked at the sky and didn't think
| about asteroids hitting the earth. Ignorance is bliss.
|
| -- btw, when they listed Entra, I thought it was Encarta. I was
| momentarily so excited that it still existed.
| rudasn wrote:
| Encarta 96
| isodev wrote:
| That animation when it was searching... it was so amazing
| back then, you could "feel" the knowledge and facts unfolding
| in one's computer.
| aitchnyu wrote:
| The same users then revolted at travel sites returning
| results too fast, so they had spinners to show they were
| hard at work compiling results.
| ethbr1 wrote:
| I'm kind of sad for the people that didn't get to
| experience the magic of book encyclopedia -> encyclopedia
| on CD-ROM -> Wikipedia.
|
| It was a lot of amazing change to live through! (Cue grade
| school teachers reminding students that Wikipedia isn't a
| valid source)
| hggigg wrote:
| Uh, we do. Have compliance obligations. Fortunately our
| production systems are NOT integrated into Entra. Only the non-
| customer stuff.
| bobnamob wrote:
| I'm definitely reading
|
| > But who needs SSO logs?
|
| with a heeeefty dose of /s
| hggigg wrote:
| Lacking a hefty dose of coffee and humour here :)
| CoastalCoder wrote:
| > Lacking a hefty dose of coffee and humour here
|
| Look, you can claim to drink coffee, _or_ you can spell
| "humor" with an "ou", but not both :)
| hggigg wrote:
| Haha :)
|
| Sod tea. Nasty stuff. Right to chuck it in the sea!
| SSLy wrote:
| You can if you learnt BrE in school...
| stavros wrote:
| Or if English isn't your first language...
| tjpnz wrote:
| Well you're still hosed if investigating a back office
| breach.
| hggigg wrote:
| Hey I want advance knowledge of how hosed everyone is so I
| can get my resume out first.
| VyseofArcadia wrote:
| Jesus Christ, MS. Pick a name and stick to it. Azure Active
| Directory wasn't great, but the constant rebranding of
| everything all the time is exhausting.
| switch007 wrote:
| Microsoft are hilariously bad at naming and I don't think
| they'll ever improve
|
| Blazor Server
|
| Blazor Web App
|
| Blazor WebAssembly
|
| .NET Framework
|
| .NET Core
|
| .NET
|
| EF
|
| EF 7
|
| EF Core
| marcosdumay wrote:
| MS drops products faster than Google. But they go through the
| hassle of creating a completely redundant one, porting all
| the users, and only then killing the old one.
|
| Sometimes the new one is even an improvement over the one
| they are killing... I mean... it's not the rule, but it
| happens here and there.
| quercusa wrote:
| Rumors are that people expected AAD to be "AD, but in the
| cloud!" and were sorely disappointed to find out that it
| wasn't.
| hulitu wrote:
| > But who needs SSO logs?
|
| You don't. Without logs, there is no compromise.
| anthk wrote:
| This is a good source of jokes in Spanish, as entra means "You,
| come inside/get in" (as being called to enter in a
| room/building/space).
| outside1234 wrote:
| Why did they admit this publicly?
| downrightmike wrote:
| Probably to have something out there so that when they admit it
| was a foreign actor who deleted them, it won't seem like big
| news that it is. That's typical for MSFT and how they handle
| these things.
| hulitu wrote:
| > when they admit it was a foreign actor
|
| It is always a "foreign actor". I bet that all bullshit
| implemented in Windows in the last years (telemetry, spying,
| dumbed down UI) was also from a "foreign actor". /s
| tacticus wrote:
| they got called out for hiding the reporting of it in tooling
| that can't be accessed by most security teams.
| dathinab wrote:
| and they have some large contracts to which they are legally
| obligated to disclose it, maybe why they tried to hide it
| locusofself wrote:
| There really was a bug in an application that just about every
| team runs on their VMs (simplifying here) that pushes application
| logs to storage. Even my team had to restart processes to get
| logs going again. It was a "sev 0" incident - an oopsie that was
| not easy to fix without many, many teams taking manual steps to
| restart agents which normally just hum along in the background.
| stogot wrote:
| Are you talking about within Microsoft internally or as a
| customer of theirs?
| justinclift wrote:
| > an oopsie that was not easy to fix
|
| Wouldn't it be nice if MS actually did automated testing to a
| reasonable depth, so stuff like this wouldn't keep happening?
|
| The recent ClownStrike global outage showed a lack of testing
| before deployment (by ClownStrike).
|
| This latest MS problem just demonstrates it's happening at the
| source (of Windows) too. It's not a good look.
| thewebguyd wrote:
| This is an industry-wide problem, not exclusive to Microsoft.
| I feel like everyone has just outsourced QA to users. There's
| been a drastic decline in software quality at release,
| particularly in the past year-year and a half.
|
| Initially I thought maybe it was just getting difficult to
| maintain these behemoth platforms that have been around since
| the 90s but it's infected the gaming industry as well, total
| green field projects where you can expect the v1.0 release to
| be almost unusable until 1.1 or 1.2+
| eitally wrote:
| I think a lot of it has to do with how little software --
| even enterprise software -- is actually written from the
| ground up. Reliance on both external libraries and modules
| owned by unrelated internal teams has made a lot of both
| the programming and debugging almost black box, where
| effective testing isn't really tractable.
| neya wrote:
| If you use Azure in any realistic production environments, then
| it's on you. Even with $100k in free credits, they couldn't
| convince me to use it for more than a month. It is expensive, the
| interface is highly user unfriendly and most important of all,
| their products don't at all seem reliable for production
| workloads because of stuff like this. Sorry Microsoft, I think
| you can do much better.
| BodyCulture wrote:
| I was laughing recently when at some place they started to
| install MS software on all Linux machines to integrate them
| into Azure. At that point you should just stop and think for a
| while about it. Didn't you go for Linux because you wanted to
| have a reliable system?
| ratg13 wrote:
| The MS security software (for better or worse), is better
| than any open-source linux solution, and can follow attackers
| as they move laterally through the network, instead of linux
| servers being a big black hole where adversaries can do as
| they please.
|
| All security software from any vendor is going to have
| issues, and often you just have to go with whatever the
| company is running for the whole environment and not
| compromising security because of some jokes from the 90s
| BSDobelix wrote:
| >and can follow attackers as they move laterally through
| the network,
|
| That I wanna see ;)))
| blueflow wrote:
| > and can follow attackers as they move laterally through
| the network
|
| ... which does not stop them from disrupting production and
| stealing your data. Your defenses are at the wrong place.
| ratg13 wrote:
| It does stop them, actually. It's not perfect, but it
| does work.
| light_hue_1 wrote:
| The joke from the 90s is the fact that people still use MS
| products and think they aren't compromising security. MS
| have had disastrous outcome after disastrous outcome with
| an uncountable amount of security holes. There's been an
| astronomical toll on the economy from their crappy software
| with no end in sight.
| mschuster91 wrote:
| > The joke from the 90s is the fact that people still use
| MS products and think they aren't compromising security.
|
| Well, it's not like there are that many alternatives.
| macOS is out of the price range for public service and
| most large companies, in addition to a lot of specialist
| software not being available for macOS.
|
| Linux has it even worse regarding application
| compatibility on desktop - and no, WINE is not an option,
| because the kind of software used in public services
| comes with strict stipulations where you can run it,
| sometimes down to minor versions, and if you violate
| that, the vendor can and will refuse support. For a lot
| of FOSS software, there isn't even commercial support
| available so it gets automatically off the list because
| companies actually want to pay people so that they have
| someone to talk to when they get issues. And that's
| before you hit the cost wall that is employee
| (re)training.
|
| IMHO, it would have been the role of our governments to
| mandate MS get their shit together first before diving
| into AI and advertising crap.
| ramses0 wrote:
| However: Micro$oft deserves _massive_ credit for biting
| the bullet and systematically improving their security
| posture post like IE7.
|
| *nix started from a better _initial_ posture as it was
| multi-user, permissioned, and network-aware from the
| start (vs. corporate MS-DOS => single user => GUI =>
| networked), but MS really doubled down on systematic
| improvements that Linux is only now going through.
|
| See the recent CUPS fiasco, C-code from 1999 running as
| root, and the "stuck in the mud" mentality that Linux has
| because there isn't the appetite for consistent
| investment and wholesale overhauls.
|
| It has to do with "activation energy" and "local maxima".
| Linux feels like it's reached the local maxima, and it's
| a pretty tall peak to start from, so we can't get over
| the hump to make a step-change or drop back to a
| hypothetical "POSIX 0.5" so we can pivot to a "POSIX 2.0"
| (eg: take the loss for a decade or so in reduced
| functionality to end up on a more sane "other side" with
| better security principles and systematic depreciation of
| inefficient or insecure API-types).
|
| There was a LWN article which talked about "permissions
| should be managed at the mount level, not the file
| level", and honestly that makes so much more sense, but
| it "loses" POSIX, and no one person is willing to "break
| linux" to admit to that mistake. Tons of other examples
| (eg: file race conditions, unprivileged by default, more
| protections on /usr than /home, etc)
| justinclift wrote:
| > but MS really doubled down on systematic improvements
|
| Doesn't seem to have really worked for MS though, as
| evidenced by their many significant security lapses over
| the last several years.
|
| The US Gov even officially called them out on it a few
| months ago, specifically singling out MS for their
| atrocious repeated security fuck ups.
| ramses0 wrote:
| Downvotes accepted, I guess, but there was a step-change
| improvement. References:
|
| https://www.itprotoday.com/attacks-breaches/the-story-
| behind...
|
| https://www.microsoft.com/en-
| us/security/blog/2022/01/21/cel...
|
| ...while they may also (deservedly) be getting flak now,
| 20 years ago it was orders of magnitude worse.
| nullindividual wrote:
| > *nix started from a better _initial_ posture as it was
| multi-user, permissioned, and network-aware from the
| start (vs. corporate MS-DOS => single user => GUI =>
| networked)
|
| Windows NT started as a multi-user, permissioned, and
| network-aware OS. The team that built NT came from DEC,
| not the MS-DOS team.
|
| Windows Me was the last version of Windows that had any
| form of DOS underpinnings.
| Gud wrote:
| Maybe it looks like a black hole to you - but there are
| open source operating systems with far better security
| practices than anything that came out of Redmond.
| ratg13 wrote:
| Yes, everything works better in a vacuum. You're not the
| first person to notice this.
|
| The point is, that if your organization has chosen an
| enterprise security platform, you don't make exceptions
| because of ideology.
| BodyCulture wrote:
| The ideology here is "enterprise security platform".
| This is marketing brainwash.
| ratg13 wrote:
| At the moment I can trace every action of every user on
| every machine, all from one platform that alerts me if
| anything abnormal happens.
|
| As an administrator of around 10,000 servers and devices,
| I have never had this ability before.
|
| I am sure there are better products out there, but this
| is what the company purchased, and the visibility it has
| given us into our organization has been a game changer
| for us.
|
| I apologize for not hating it just because it is
| Microsoft.
| eitally wrote:
| Arguably, I'm not as concerned about "every action of
| every user on every machine" as I am the exceptions, and
| the usability issues the aforementioned "security
| platform" causes in terms of end user efficiency are
| probably not offset by the perceived security gains from
| your POV.
|
| Fwiw, for as much rightful criticism as Google receives
| for things like killing consumer products and behaving
| badly with user data, its internal IT runs better than --
| in my opinion as an ex-employee -- any other large
| enterprise in the world. And it's secure.
| hulitu wrote:
| > The point is, that if your organization has chosen an
| enterprise security platform, you don't make exceptions
| because of ideology
|
| You're right. MS can always blame state actors when
| something fails. /s
| e40 wrote:
| Please give us details, because this seems unbelievable.
| ratg13 wrote:
| It's just basic EDR .. you have events that are flagged
| .. so on linux, let's say someone does something like
| setuid or setgid on a system file. Innocuous but
| potentially dangerous actions like this get flagged in
| the system.
|
| These events are correlated against other actions that
| might have happened on the same system or other systems
| that the user had logged onto prior to this one.
|
| Even if it's not the same user, the events are still
| correlated and alerted upon if suspicious. (both
| individually and holistically)
|
| If users are using microsoft authentication for access,
| the accounts will be flagged and locked out, generally
| forcing users to fully authenticate with MFA and forcing
| a password change.
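
The flag-and-correlate idea described in the comment above, as an added example that is not part of the thread and not any vendor's detection logic. The event format, host names, users, system directory list and one-hour window are all constructed assumptions.

```python
from dataclasses import dataclass
from datetime import datetime, timedelta

SYSTEM_DIRS = ("/bin/", "/sbin/", "/usr/bin/", "/usr/sbin/", "/usr/lib/")
SETID_BITS = 0o6000            # S_ISUID (0o4000) | S_ISGID (0o2000)
WINDOW = timedelta(hours=1)    # assumed look-back window per hop

# Constructed sample telemetry: (timestamp, host, user, action, detail).
# For "login" the detail is the source host; for "chmod" it is "<octal mode> <path>".
EVENTS = [
    ("2024-10-20T09:00:00", "web01", "alice", "login", "vpn-gw"),
    ("2024-10-20T09:05:00", "web01", "alice", "chmod", "0644 /home/alice/notes.txt"),
    ("2024-10-20T09:10:00", "db02", "alice", "login", "web01"),
    ("2024-10-20T09:12:00", "db02", "alice", "chmod", "4755 /usr/bin/find"),
    ("2024-10-20T09:20:00", "app03", "svc_backup", "login", "db02"),
    ("2024-10-20T09:21:00", "app03", "svc_backup", "chmod", "2755 /usr/sbin/helper"),
    ("2024-10-20T14:00:00", "dev09", "bob", "chmod", "4755 /home/bob/tool"),
]


@dataclass(frozen=True)
class Event:
    ts: datetime
    host: str
    user: str
    action: str
    detail: str


def is_setid_on_system_file(ev):
    """Flag a chmod that sets setuid or setgid on a file under a system directory."""
    if ev.action != "chmod":
        return False
    mode_text, path = ev.detail.split(" ", 1)
    return bool(int(mode_text, 8) & SETID_BITS) and path.startswith(SYSTEM_DIRS)


def trace_path(ev, logins):
    """Walk inbound logins backwards from the flagged host.

    The first hop must be the acting user's own login; earlier hops accept any
    user, since an intruder may switch accounts between machines. Picking the
    most recent inbound login is a simplification that can mislead on busy hosts.
    """
    path, host, before, user = [ev.host], ev.host, ev.ts, ev.user
    while True:
        prior = [l for l in logins
                 if l.host == host and before - WINDOW <= l.ts <= before
                 and (user is None or l.user == user)]
        if not prior:
            break
        hop = max(prior, key=lambda l: l.ts)
        if hop.detail in path:      # guard against login loops
            break
        path.append(hop.detail)
        host, before, user = hop.detail, hop.ts, None
    return path[::-1]               # origin first, flagged host last


def correlate(rows):
    """Return incidents: flagged events grouped when their login paths share a host."""
    events = sorted((Event(datetime.fromisoformat(t), h, u, a, d)
                     for t, h, u, a, d in rows), key=lambda e: e.ts)
    logins = [e for e in events if e.action == "login"]
    incidents = []
    for ev in filter(is_setid_on_system_file, events):
        alert = {"host": ev.host, "user": ev.user,
                 "file": ev.detail.split(" ", 1)[1],
                 "path": trace_path(ev, logins)}
        merged = {"hosts": set(alert["path"]), "alerts": [alert]}
        keep = []
        for inc in incidents:
            if inc["hosts"] & merged["hosts"]:
                # Shared host: fold the earlier incident into this one.
                merged["hosts"] |= inc["hosts"]
                merged["alerts"] = inc["alerts"] + merged["alerts"]
            else:
                keep.append(inc)
        incidents = keep + [merged]
    return incidents


if __name__ == "__main__":
    for number, inc in enumerate(correlate(EVENTS), 1):
        print(f"incident {number}: hosts={sorted(inc['hosts'])}")
        for a in inc["alerts"]:
            print(f"  {a['user']}@{a['host']} set-id on {a['file']} via {' -> '.join(a['path'])}")
```
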
| hulitu wrote:
| > If users are using microsoft authentication for access,
| the accounts will be flagged and locked out, generally
| forcing users to fully authenticate with MFA and forcing
| a password change.
|
| Last I heard the "state actors" had access to AD master
| credentials.
| simonh wrote:
| Microsoft isn't the only company to provide a service
| like this, and the others are cross platform.
| gruez wrote:
| Crowdstrike, for instance :^)
| BobaFloutist wrote:
| Hey, an outage is better than a hack...right?
| lkjdsklf wrote:
| A crashed machine is a secure machine.
|
| That's what grampy used to say
| opwieurposiu wrote:
| If you can't boot it, they can't hack it.
| EricE wrote:
| Or open source - security onion is amazing!
| stogot wrote:
| All the Linux shops I know not using MS security are doing
| just fine and probably better given the current headline
| you're commenting under
| ratg13 wrote:
| You seemed to have missed my point entirely.
|
| If your organization is running a chosen enterprise
| security solution, often fragmentation is not better,
| whatever your reasoning.
| BodyCulture wrote:
| This is wrong. What you see as fragments are security
| boundaries for others.
| BSDobelix wrote:
| Correct, that's why for example the Root-DNS servers run
| Linux, FreeBSD and Windows.
| BodyCulture wrote:
| Mostly it's the other way around: attackers follow MS
| "security software" to get deep into your systems.
| hulitu wrote:
| > Mostly it's the other way around: attackers follow MS
| "security software" to get deep into your systems.
|
| Don't tell them. They just forgot about this with the new
| Win 11 24H2.
| hulitu wrote:
| > The MS security software (for better or worse), is better
| than any open-source linux solution
|
| is it able to detect ransomware ?
|
| Seeing MS and security in the same sentence makes me
| suspicious.
| stackskipton wrote:
| Yes. Their security products are not terrible outside the
| fact many are acquisitions that have been shoehorned
| poorly into InTune.
| BSDobelix wrote:
| >I think you can do much better.
|
| Not to be a troll, but I really think they cannot. The last
| "good" product they made was SQL-Server/Exchange/Windows2000,
| and that was a long time ago.
| renegade-otter wrote:
| Just judging by the deteriorating state of the Windows OS...
|
| I know these are different divisions, but it does say
| something about the culture. Windows has always been a
| dumpster fire, but when it was built by nerds and not
| managers, it felt more, uh, tolerable.
| phkahler wrote:
| >> Windows has always been a dumpster fire..
|
| It was always a dumpster fire for security, but it did have
| a pretty good UI and functionality at say XP-SP3, but now
| the UX had been thrown on the fire too.
| renegade-otter wrote:
| I _remember_ enjoying using Windows 2000 /XP but I feel
| like that's my nostalgia talking. I was customizing a new
| installation for days, messing with registry keys and
| obscure settings dialogs. It was never that user-friendly
| to begin with. After having used MacOS for the last few
| years, I do not miss the hassle.
|
| To be fair, not a lot of things were user-friendly back
| then, and Windows _was_ the standard consumer OS for a
| good reason. It was solidly OKAY.
|
| Using the latest versions of Windows, however, is just
| infuriating even without any complicated setup.
| Gud wrote:
| Absolutely not your nostalgia talking.
|
| I'm as OS agnostic as they come and Win2k was the last
| true great desktop OS.
|
| I now use FreeBSD almost exclusively, with miscellaneous
| VM guests.
| bbkane wrote:
| I actually REALLY LIKE MacOS, especially workspace/window
| management when using Rectangles. So much so that I'm
| trying to recreate it on Linux (I don't want to buy a new
| Mac when I have a perfectly good gaming desktop to
| repurpose for dev work).
| Gud wrote:
| MacOS is pretty good, can't argue with you there.
| eitally wrote:
| I grew up with an Apple II, then switched to Windows from
| 3.11 for Workgroups all the way up to Vista, at which
| point I switched to desktop Linux (variety of distros,
| but mostly ended up on Kubuntu in my house and Mint for
| family). Then it was 8 years of ChromeOS. The past couple
| of years I've been on MacBooks and, although there are
| quirks I don't really like, I can't argue with the fact
| that it mostly "just works", which is really the primary
| requirement of any operating system.
| Gud wrote:
| Still, I would say peak Win2k was faster, cleaner and
| more no nonsense than modern MacOS. I use macs as well,
| they are not at all as snappy as windows 2000 was.
| rightbyte wrote:
| > but when it was built by nerds and not managers, it felt
| more, uh, tolerable.
|
| The 'WIN32_LEAN_AND_MEAN' era. Ye. Way more relatable than
| today's malware riddled joke of an OS. It is too bad since
| the Windows 7 foundation seems OK.
| mrweasel wrote:
| While I can think of a few other, dotnet and Visual Studio, I
| think that you're generally correct.
|
| Microsoft, Google and others, have created a culture that is
| no longer able to produce high quality solutions, because
| they can't focus on a single vision for their products. Or in
| some cases the vision does not align with creating good
| products.
|
| SQL Server is a really good example, it's highly focused, it
| exists outside the current hype bubble, there's no
| advertising, no subscription, just a database server and it's
| a really good product. Exchange sucks, because it's been pulled
| into the new subscription based world, and it's going to suffer
| for it.
| j16sdiz wrote:
| dotnet is a mixed bag of good and bad.
|
| VSCode caught on, but I would rather have Atom instead.
|
| Exchange has been broken before migrating to cod
| Tempest1981 wrote:
| > migrating to cod
|
| cod? Call of Duty?
| dijit wrote:
| Famously, visual studio gets worse- not better, with time.
|
| https://youtu.be/GC-0tCy4P1U
| marcosdumay wrote:
| Well, it gets better and worse, with a worsening trend.
| It's not monotonic, so one can easily point "hey, VS XX
| is better than VS YY for some XX > YY".
| preciousoo wrote:
| The topic is good software and you mention Visual Studio?
| cookingrobot wrote:
| I worked on Windows 2000, thanks! But Windows 7 was better.
| sublimefire wrote:
| It really depends on what type of business you run and who will
| be building and maintaining the system. Azure gives the
| business the ability to integrate with other MS systems and has
| good sales teams who will hold your hand. If you are an ISV
| then it is not that important to you, instead you need specific
| SLAs, region support and an easy path for the integration.
| Overall nobody cares about small teams that count every penny
| and spend up to XXk a month on infra because they could spin up
| their openstack cluster at any moment and leave.
|
| I agree there is room for improvement but your arguments are
| weak. The user interface (whoever is using it?) is questionable
| in AWS and in GCP as well, IMO it is because of the underlying
| complexity in all clouds. Reliability statement should be
| backed by the existing SLA, or is it some complaint that MS
| does not provide four/five 9s for every service? The bit about
| it being expensive depends on what you compare it with, AWS is
| notorious as well, every time you need something to build you
| do not know if that will cost 1k or 10k per month.
|
| I am not some sort of Azure fanboi and love AWS but there are
| things MS is good at as well, however people hate that.
| jnsaff2 wrote:
| portal.azure.com developers are _proud_ to claim that they have
| the largest SPA in the world[0]. I hated every moment of using
| it.
|
| [0] https://learn.microsoft.com/en-us/shows/visual-studio-
| visual...
| moi2388 wrote:
| And if you change some state, better refresh the page because
| updating the UI or two way data binding isn't something they
| haven't figured out yet at Microsoft apparently
| marcosdumay wrote:
| Oh, if the devops (new tfs) interface redesign is a
| representative sample, it's easy to make the world's largest
| SPA when you convert simple form submits into 5 JS-loaded
| logical pages, with unreliable navigation and complex JS
| session data that is too large to transfer on a LAN.
|
| I imagine they can beat any record with a simple single-table
| CRUD.
| prennert wrote:
| When you come from other cloud providers, working with Azure
| has so many dark-orange flags. It feels totally inconsistent
| and patched together. This makes it hard for me to believe that
| anybody can properly audit it for security.
|
| The most uncomfortable part is their log in. The amount of re-
| directs and glitches there are insane. It's hard to believe that
| it works as intended.
|
| As an example, for some reason I could not download the BAA
| because trying to download it led to a login loop on their
| trust website, while I was still able to see the Azure console
| ok in the same browser.
|
| When I signed out of my Azure account to try if a fresh login
| helped, it did not trigger my 2FA at the next login. In my
| mind, if I actively logged out from a browser window, I
| withdraw my trust in that device. So not being triggered for
| 2FA is a massive red flag.
|
| (no I still could not download the BAA, nor file a ticket for
| it, but somehow a colleague could download it ok.)
| mrweasel wrote:
| > It feels totally inconsistent and patched together.
|
| I believe that multiple articles, e.g. on The Register, have
| mentioned that people who have left the Azure team have
| routinely complained that the pace was too high, and that
| everything is pretty much duct taped together. This was years
| ago, so it may have changed.
| m_mueller wrote:
| Narrator: It hasn't.
| stogot wrote:
| I read that recently after their security breaches
| stogot wrote:
| I have had similar issues. And I know a fair amount about
| these systems, and still can't figure what the backend mess
| looks like that results in these problems. I found a
| reproducible login bug on Teams and spent a while trying to
| figure out who to report it to and gave up
| chrisandchris wrote:
| > [...] is their log in.
|
| On every first try, I cannot log in to Azure Portal. I
| click "try again", it works. And it's like that for months,
| if not years.
|
| IMHO it says a lot of your culture if every first interaction
| of your customers with your product ends with an error - and
| you simply don't care to fix it.
| paulryanrogers wrote:
| I wonder if things like this are due to testing only on the
| vendor's own/preferred browser. In this case Edge?
| rat9988 wrote:
| Almost 0 chance.
| velcrovan wrote:
| No offense, but consider that there's a chance it's a
| problem on your end. I have never had this issue, and no
| one I know has had this issue.
| deathanatos wrote:
| Every login I've ever done into the Azure portal is like
| the upstream describes: an absurd number of redirections
| and refreshes that leave you wondering "is it _supposed_
| to work like that? "
|
| I've also encountered strange bugs, like asking to log
| into tenant A and getting logged into, instead, tenant B.
| In a loop, effectively locking me out.
|
| The exact quirks and bugs seem to come and go, I presume
| as the code is changed & updated.
| velcrovan wrote:
| Sure, but Azure also exposes an extremely large array of
| knobs and buttons that put the tenant admin squarely in
| control of what "login" means in the first place: the
| kinds of authentication allowed or required, by whom,
| under what risk profiles, for which applications, etc. If
| you feel like it is screwed up there is, as likely as
| not, action that it is the tenant admin's -- not MS's --
| responsibility to take, to fix it. I don't know what to
| tell you about refreshes, that's just how Oauth works
| mostly. I'm tempted to take a video of myself logging
| into the Azure portal right now just to ask what about it
| is so weird.
| NBJack wrote:
| Will add my anecdotal evidence: I've seen this across the
| board from Microsoft. I've been a customer for several
| decades, and it is a bit of a nightmare now.
|
| Logins that redirect to odd places. Jolting issues
| because you changed a seemingly innocuous security
| setting (i.e. OneNote refuses to sync on specific
| versions of the app/software if you don't grant them full
| access). Or just inconveniences, like having to login
| multiple times across their own sites when I dive into
| Office settings management. Seemingly forced use of the
| Microsoft Authenticator app from time to time.
|
| Multiple computers, multiple devices. I can usually work
| around it, but it is a pain.
| chrisandchris wrote:
| None taken.
|
| It is probably my "fault" by using Safari (no extensions)
| and not the all-praised(tm) Edge.
|
| I couldn't add a billing profile to my MPN account the
| other day - endless loading without any indicator of
| success. It did work in Chrome though, except the "save"
| action which resulted in endless loading too, but still
| saved everything as expected.
| lukeschlather wrote:
| I would guess it is a problem with OP's account. Which is
| to say it is thoroughly a Microsoft problem, and probably
| one that could be fixed but would require weeks of back-
| and-forth until someone with direct access to some number
| of auth databases corrected the issue.
|
| I will say, they made a change to the auth system
| recently that made log-in significantly worse. Now
| several times a day my session expires or something and I
| go through a 5-10 second redirect flow which visibly
| jumps between different login APIs to refresh my log in
| state. (And of course this happens at the start of the
| day.)
| velcrovan wrote:
| It's also possible your tenant admin updated Conditional
| Access rules for some locations or applications. Or maybe
| they screwed up the Hybrid AAD sync from the on-premise
| DC. As I've been trying to point out elsewhere, tenant
| admins have a much higher influence on these outcomes
| than people are willing to admit, and there are a lot of
| admins out there who can't be arsed to keep up. I've made
| some of those mistakes myself.
| nabbed wrote:
| I have a similar (yet different) experience. I rarely
| (e.g., once every few months) log into the portal and it
| dies with some impenetrable error _if_ I use the same
| browser on which I last successfully logged in. So I often
| find myself firing up an incognito browser so I can log in.
|
| My guess is that some change to the login process is not
| compatible with the cookies I have sitting around from the
| last time I logged in.
| moi2388 wrote:
| It's not. Their security has known massive issues and
| security holes, and they consciously do not fix them.
|
| Look at the CVEs for azure, msal and Active Directory for
| some good laughs.
|
| Now realise most governments, large companies and education
| works on this
| hedora wrote:
| I've never used Azure, but my kid plays Minecraft (offline),
| and got forced into using a Microsoft account to login.
|
| From what I can tell, they use it as proving ground for
| whatever crap they're going to force on other applications.
|
| After getting it to work on a raspberry pi, I decided I
| wouldn't use any logged in Microsoft product in a
| professional setting.
|
| Anyway, I'm sure they'll eventually unify GitHub and LinkedIn
| login the same way they did with Minecraft. At that point,
| our industry will implode.
| blitzar wrote:
| When you come from bare metal, working with any of the cloud
| providers feels totally inconsistent and patched together.
| 7bit wrote:
| When you promote a Windows server (2016 or higher) to a domain
| controller, you suddenly get an error message when trying to
| open the network adapter through the "new" settings app. You
| must open through control.exe, everything else just throws an
| error.
|
| I opened a bug with the Microsoft Premier support and they told
| me that this works as intended.
|
| So when Microsoft says, it works as intended, it can still be
| bugged to hell and back. They just don't care.
| miyuru wrote:
| > If you use Azure in any realistic production environments,
| then it's on you
|
| It's unfortunately decided by the higher ups, who just follow
| the hype train.
| mistrial9 wrote:
| I disagree this is "hype train" trails that lead to Azure.
| Management and their legal departments navigate in different
| ways.
| Citizen_Lame wrote:
| This is the wrong take on Microsoft. In their entire existence they
| couldn't do better and they will never be able to do so.
|
| There is no incentive, as long as monopoly money from captured
| audience keeps rolling in.
| rdl wrote:
| For a long time they were the leader in confidential computing
| and a few other specific things.
| rhaps0dy wrote:
| Azure Blob storage is considerably cheaper than S3 or Google,
| for example. (Not cheaper than Cloudflare, but that one doesn't
| have a supported FUSE driver). I've been trying hard to find
| instances where they lost data and could not.
|
| Them offering the ~same product but cheaper is good.
| nijave wrote:
| iirc Blob Storage is tied to a "storage account" that has
| throughput limits that can't easily be changed so it has a
| performance ceiling
| gruez wrote:
| >Azure Blob storage is considerably cheaper than S3 or
| Google, for example
|
| Really? I did a quick search and azure charges 2.08 cents per
| GB for "hot" storage compared to 2.3 cents for aws. That's
| not that big of a difference. Am I missing something?
| crmd wrote:
| The UI, retail pricing, and reliability reputation are not
| primary factors for large enterprise IT infrastructure and
| cloud decision makers. They look at:
|
| 1. Executive Support - can you assure me that MSFT will have my
| back when (not if) the shit hits the fan? Can I count on Satya
| or Jason Zander calling my CEO to reassure them if we're
| working through a catastrophic issue? Because as an executive
| my career at this company is over otherwise when that happens.
|
| 2. Industry and analyst landscape - Which of my competitors /
| peers use your technology? I won't be first in the pool. What
| does Gartner tell me about your company behind closed doors?
|
| 3. Competitive - Do any of your divisions compete directly with
| any of ours? Because I'll be fired at the next board meeting if
| they read in the WSJ that we're funding an adversary.
|
| Cost is negotiable, what is a UI?, and sorry, I don't care if
| all of the above is good but Azure isn't the engineers'
| favorite thing. Y'all work for me.
| miah_ wrote:
| Having worked for many bosses like you, I think the solution
| is clear: tech needs more unions and co-ops.
| crmd wrote:
| I'm 100% pro union and not the guy you're thinking of.
| Apologies if that wasn't clear because of the first person
| writing in my comment.
|
| I'm an engineer on the vendor side that begrudgingly got
| promoted into a CTO role where I was helping get deals done
| with F100 c-levels. So I know how these people think. I
| hated it, left enterprise a few years ago and never looked
| back.
| thewebguyd wrote:
| > 3. Competitive - Do any of your divisions compete directly
| with any of ours? Because I'll be fired at the next board
| meeting if they read in the WSJ that we're funding an
| adversary.
|
| This is a big point that others in this thread are missing.
| Amazon is increasingly competing in more and more spaces, and
| companies are rightly hesitant to get into bed with Amazon
| when they are a direct competitor. Azure is the only other
| serious choice, GCP isn't even going to be considered.
|
| Silicon Valley might run on AWS but the rest of non-tech
| company corporate America runs on Azure (or on-prem still).
| The IT landscape looks a lot different outside of the SF Bay
| Area SaaS bubble.
| stackskipton wrote:
| It's the reason we are over in Azure. We compete somewhat
| with Amazon retail and our customers compete 100%.
| victor106 wrote:
| Agree 100% with this.
|
| One example is if you have multiple subscriptions and you want
| to select a particular subscription; the UI is so horrendous
| that even after using it every day it's so confusing. It's such
| a simple thing that I am sure MSFT implemented it a million
| times but they just can't do it in Azure.
|
| It's the worst of the three cloud providers.
|
| The main reason they are second is because they have a sales
| org that sells well to naive CTOs.
| imglorp wrote:
| Even internally: "Not even LinkedIn is that keen on Microsoft's
| cloud: Shift to Azure abandoned"
|
| https://www.theregister.com/2023/12/14/linkedin_abandons_mig...
| eitally wrote:
| To be comparatively fair, Google doesn't run almost any of
| its public products on Google Cloud, either (nor many of the
| internal apps).
| belter wrote:
| "Azure's Security Vulnerabilities Are Out of Control" -
| https://www.lastweekinaws.com/blog/azures_vulnerabilities_ar...
| rmbyrro wrote:
| Microsoft just opened a new startup vertical: security services
| for security logs. If those startups use Azure to run their
| production workloads, the industry will quickly enter an
| infinite loop and skyrocket to $2 trillion/yr.
| pier25 wrote:
| It's amazing Azure has 2-3x the market share of Google Cloud
| with a much worse service.
|
| Is this because of corps using dotnet and Microsoft SQL?
| stackskipton wrote:
| Really, have you used Google Cloud?
|
| Big Enterprises need a lot of bells and whistles and for the
| longest time, Google Cloud didn't have those bells and
| whistles. For example, App Engine for the longest time didn't
| have internal IP only. It has it now, but the whole point is, most
| people have already evaluated their cloud and picked it.
|
| Also, Google used to be or still is terrible at talking to
| customers. Big Enterprises require people at Google to
| actually talk to customers, something Google is notoriously
| terrible at.
|
| Finally, Google Deprecation Policy has done them in. Many
| CTOs are scared to get into bed with Google due to it:
| https://steve-yegge.medium.com/dear-google-cloud-your-deprec...
| azuresucksdeez wrote:
| Azure sucks. Especially the Batch Service, the jobs scheduler is
| not accurate at all.
| PunchTornado wrote:
| There were comments here about how msft is more enterprise
| friendly than google because they don't lose any data. msft is
| the opposite of reliable.
| passwordoops wrote:
| And MS expects us to trust they can deliver a functional, useful
| "AI" service product?
| lupusreal wrote:
| It could be functional and useful, but I wouldn't bet on
| secure.
| JohnMakin wrote:
| Some of the worst infrastructure I've ever seen with terrible
| practices had elaborate mechanisms in place to make this kind of
| thing effectively impossible, because if it happens it's...
| pretty damn bad. I'm not sure I'd ever want my business to sit on
| Azure-managed cloud infra even before this. I'm trying to go
| through some thought experiments and even imagine how something
| like this is possible without some kind of full-system
| catastrophic error and I'm struggling.
| ruffrey wrote:
| Let's to forget this long article from just over a month ago,
| outlining Microsoft's failings and seemingly willful neglect
| regarding cybersecurity overseas.
| https://www.lawenforcementtoday.com/bombshell-allegations-th...
| eitally wrote:
| On the one hand, there are some important nuggets in this
| report. On the other hand, Schiller doesn't seem like an
| entirely credible witness _and_ his outreach to look for
| government oversight seems limited to extreme MAGA Republican
| lawmakers, which is also telling.
|
| That said, I 100% agree that 1) relying on foreign national
| support staff to support critical USG infrastructure should not
| be allowed, and 2) all the big tech companies -- including the
| hyperscalers -- have deals with the PRC via domestic proxy
| businesses (Tencent, Alicloud, etc) in order to allow them to
| operate in China. There isn't enough oversight of these
| contracts, or the terms allowing Chinese hands-on access to the
| hardware & software stacks.
| bzmrgonz wrote:
| Smells like a cover-up to me. 'Their syslogs reveal an exploit in
| our platform sir!' <Marketing dept> 'Quick everyone, let's lose
| their logs and buy some more time'
| Smar wrote:
| Did NSA steal them?
___________________________________________________________________
(page generated 2024-10-21 23:01 UTC)