October's Azure Blob attack wave was misconfiguration, not zero-days. Here are ten ISM controls written as Azure Policy you can enforce and prove.
Draft outline · Compliance-as-code lensIn October 2025 Microsoft warned of rising attacks on Azure Blob Storage exploiting exposed credentials and misconfiguration, and industry data attributes a large share of cloud breaches to misconfiguration. Written as Azure Policy, a control is enforced continuously and its state is a thing you can diff, not a claim in a document.
Primary reporting on the misconfiguration attack wave and the specific mistakes exploited.
Independent analysis of the data-exposure pattern and why misconfiguration keeps winning.
The purest expression of deployed configs, not strategy documents. Compliance-as-code is defensible in procurement and auditable by an assessor, and it shows our work is inspectable rather than asserted.