Compromised Microsoft Key: More Impactful Than We Thought ( www.wiz.io )
According to Microsoft, the compromised key was inactive and therefore any access token signed by this key must be considered suspicious.
Unfortunately, there is a lack of standardized practices when it comes to application-specific logging. Therefore, in most cases, application owners do not have detailed logs containing the raw access token or its signing key. As a result, identifying and investigating such events can prove exceedingly challenging for app owners.
![](https://kbin.pithyphrase.net/media/cache/resolve/entry_thumb/e3/08/e30834fc4064791ed52dadf36b3720776542252193e6fcfb3c571afbf17e7d5f.png)