The issue was specific to services that used Microsoft's .NET libraries for Azure AD authentication without doing additional checks for auth token validity [1], which was not "all of Microsoft". There's no public list of what components are used where AFAIK, we just know that MS says forged auth tokens were successfully used on Exchange Online email. It is sensationalizing to say the entire Azure cloud was hacked.
This is not to downplay how bad Microsoft's security lapses were, and how bad their announcements were. The most horrifying part to me, besides the need for "premium" logs to detect a breach which I'd been complaining about before this, was how PR seemed to blame the Exchange Online team for misusing the authentication libraries, but later they updated the libraries and said the token validation issue was "corrected using the updated libraries". That feels like internal blame shifting out in public.
This is not to downplay how bad Microsoft's security lapses were, and how bad their announcements were. The most horrifying part to me, besides the need for "premium" logs to detect a breach which I'd been complaining about before this, was how PR seemed to blame the Exchange Online team for misusing the authentication libraries, but later they updated the libraries and said the token validation issue was "corrected using the updated libraries". That feels like internal blame shifting out in public.
[1] https://msrc.microsoft.com/blog/2023/09/results-of-major-tec...