Microsoft and CISA recently disclosed a security incident involving Exchange Online and Outlook.com. A threat actor attributed to China, Storm-0558, acquired a private encryption key and used it to forge access tokens for Outlook Web Access and Outlook.com. While Microsoft initially stated that only those two services were affected, further research by Wiz Research revealed that the compromised key could have allowed the threat actor to forge access tokens for other Azure Active Directory applications. The incident highlights the importance of securing identity provider keys, as they hold significant power and can grant immediate access to various accounts and services. The full extent of the incident is still being investigated.
https://www.wiz.io/blog/storm-0558-compromised-microsoft-key-enables-authentication-of-countless-micr