Azure Tenant Takeover: From Exposed Config to Global Admin

Topics: Azure, Security, Entra ID, Defense

MITRE ATT&CK: T1530, T1528, T1098.001, T1078.004

A soft-deleted file in a public blob container, still retrievable through versioning, leaks a SAS token that exposes an entire file share, ultimately cascading into a complete Azure tenant takeover through managed identity abuse, federated credential injection, and Graph API self-escalation.