This JNDI "feature" is 8 years old. It was merged in 2013 from what I have seen, and has been defended by some as an "useful" feature. It has been known since at least BlackHat 2016 presentation that this is an…
The Schrems II judgement might be applicable. I know that in the EU-based company I work for we have strict requirement for all cloud providers to comply with Schrems II, and not send/store any personal data to outside…
How about their bug tracking software, MS equivalent to Jira issue tracker (I assume they aren't using an outside product). Do we know if they had access to their issue tracker? That would make it far easier to make…
This JNDI "feature" is 8 years old. It was merged in 2013 from what I have seen, and has been defended by some as an "useful" feature. It has been known since at least BlackHat 2016 presentation that this is an…
The Schrems II judgement might be applicable. I know that in the EU-based company I work for we have strict requirement for all cloud providers to comply with Schrems II, and not send/store any personal data to outside…
How about their bug tracking software, MS equivalent to Jira issue tracker (I assume they aren't using an outside product). Do we know if they had access to their issue tracker? That would make it far easier to make…