←back to thread

Microsoft said it lost weeks of security logs for its customers' cloud products

(techcrunch.com)
285 points alephnerd | 1 comments | 20 Oct 24 21:42 UTC | HN request time: 0s | source
Show context
neya ◴[21 Oct 24 07:28 UTC] No.41901576[source]
If you use Azure in any realistic production environments, then it's on you. Even with $100k in free credits, they couldn't convince me to use it for more than a month. It is expensive, the interface is highly user unfriendly and most important of all, their products don't at all seem reliable for production workloads because of stuff like this. Sorry Microsoft, I think you can do much better.
replies(15): >>41901755 #>>41902286 #>>41902571 #>>41902679 #>>41902715 #>>41903167 #>>41903320 #>>41903580 #>>41903869 #>>41904371 #>>41904976 #>>41905535 #>>41905826 #>>41905858 #>>41907485 #
prennert ◴[21 Oct 24 10:43 UTC] No.41902715[source]
When you come from other cloud providers, working with Azure has so many dark-orange flags. It feels totally inconsistent and patched together. This makes it hard for me to believe that anybody can properly audit it for security.

The most uncomfortable part is their log in. The amount of re-directs and glitches there are insane. Its hard to believe that it works as intended.

As an example, for some reason I could not download the BAA because trying to download it lead to a login loop on their trust website, while I was still able to see the Azure console ok in the same browser.

When I signed out of my Azure account to try if a fresh login helped, it did not trigger my 2FA at the next login. In my mind, if I actively logged out from a browser window, I withdraw my trust in that device. So not being triggered for 2FA is a massive red flag.

(no I still could not download the BAA, nor file a ticket for it, but somehow a colleague could download it ok.)

replies(7): >>41902823 #>>41903429 #>>41904108 #>>41904633 #>>41904940 #>>41905080 #>>41909148 #
chrisandchris ◴[21 Oct 24 13:45 UTC] No.41904108[source]
> [...] is their log in.

On every first try, I cannot log in into Azure Portal. I chlick "try again", it works. And it's like that for months, if not years.

IMHO it says a lot of your culture if every first interaction of your customers with your product end with an error - and you simply don't care to fix it.

replies(3): >>41904452 #>>41904654 #>>41907751 #
velcrovan ◴[21 Oct 24 14:38 UTC] No.41904654[source]
No offense, but consider that there's a chance it's a problem on your end. I have never had this issue, and no one I know has had this issue.
replies(4): >>41904917 #>>41905200 #>>41905375 #>>41905460 #
1. NBJack ◴[21 Oct 24 15:26 UTC] No.41905200{3}[source]
Will add my anecdotal evidence: I've seen this across the board from Microsoft. I've been a customer for several decades, and it is a bit of a nightmare now.

Logins that redirect to odd places. Jolting issues because you changed a seemingly innocuous security setting (i.e. OneNote refuses to sync on specific versions of the app/software if you don't grant them full access). Or just inconveniences, like having to login multiple times across their own sites when I dive into Office settings management. Seemingly forced use of the Microsoft Authenticator app from time to time.

Multiple computers, multiple devices. I can usually work around it, but it is a pain.