AZT501 - Account Manipulation
An adversary may manipulate an account to maintain access in an Azure tenant.
ID | Name | Description | Action | Resources |
---|---|---|---|---|
AZT501.1 | User Account Manipulation | An adversary may manipulate a user account to maintain access in an Azure tenant | microsoft.directory/users/password/update<br>microsoft.directory/users/enable<br>microsoft.directory/users/restore | Azure Active Directory |
AZT501.2 | Service Principal Manipulation | An adversary may manipulate a service principal to maintain access in an Azure tenant | microsoft.directory/servicePrincipals/enable<br>microsoft.directory/servicePrincipals/credentials/update<br>microsoft.directory/servicePrincipals/owners/update | Azure Active Directory |
AZT501.3 | Azure VM Local Administrator Manipulation | An adversary may manipulate the local admin account on an Azure VM | microsoft.compute/virtualMachines/extensions/write | Azure Virtual Machine |