Success.office.com is the first vulnerability which is affiliated to a Microsoft Azure Web app service which is no longer available. The researcher had taken the subdomain with the name successcenter-msprod and this enabled them to control the domain success.microsoft.com which is highly unexpected and this uses all the data and send them to it as valuable information.
Another one is improper authentication access to Microsoft Outlook, Microsoft Store and Sway! Researchers were able to access the tokens which could be exchanged for a session token and also compromising login. Vulnerabilities are common for a large company but this has to be stopped immediately, which can give more access for an attacker to gain all the access to take away the valuable customer and other client details!
The worst case scenario is even an antivirus is used as the first step to stop vulnerabilities, An attacker can easily bypass the antivirus and gather information in this time!