Have you set up a domain and pointed to a cloud resource and then deleted the site? Have you left behind the CNAME in your domain name services settings? Many admins have, and attackers know it. These lapses allow attackers to create a site in your subdomain records and take over these sites. Subdomain takeovers are too common especially in large organizations that create and delete many resources. CNAME records in particular are open to takeovers. Malicious actors often use these sites to redirect traffic and activity to various other sites. Even Microsoft isn’t immune to the problem.