In terms of easy AuthZ bypasses from Microsoft, the Azure OMIGOD vulnerability [0] comes to mind, aka "CVE-2021-38647 - Remote Code Execution - Remove the Authentication header and you are root."
To be fair to Microsoft, Apple also had one of these (although it only affected your local machine) with CVE-2017-13872 which let you become root by entering the username "root," clicking into the empty password field, and pressing Submit. [1]
I'll repeat my comment from upthread: authorization is hard!
In terms of easy AuthZ bypasses from Microsoft, the Azure OMIGOD vulnerability [0] comes to mind, aka "CVE-2021-38647 - Remote Code Execution - Remove the Authentication header and you are root."
To be fair to Microsoft, Apple also had one of these (although it only affected your local machine) with CVE-2017-13872 which let you become root by entering the username "root," clicking into the empty password field, and pressing Submit. [1]
I'll repeat my comment from upthread: authorization is hard!
[0] https://www.wiz.io/blog/omigod-critical-vulnerabilities-in-o...
[1] https://objective-see.org/blog/blog_0x24.html