Executive summaryWiz Research discovered a new attack vector in Azure Active Directory that exposed misconfigured applications to unauthorized access. These misconfigurations are fairly popular, especially with Azure App Services and Azure Functions. Based on our scans, about 25% of multi-tenant applications turned out to be vulnerable. We found several high-impact, vulnerable Microsoft applicatio