Microsoft accidentally exposed a Dynamics 365 certificate and private key for at least 100 days. Software developer Matthias Gliwka discovered the issue while working with the cloud version of the Microsoft ERP system. The certificate was exposed in the Dynamics 365 sandbox environment that is used for user acceptance testing (also referred to as sandbox) The issue was solved on 5 December, months later it first notification on 17 August. An attacker could extract the certificate an attacker could s access to any sandbox environment.”]
Source: https://securityaffairs.co/wordpress/66626/hacking/microsoft-dynamics-365-mitm.html