AZT501 - Account Manipulation#
An adverary may manipulate an account to maintain access in an Azure tenant
| ID | Name | Description | Action | Resources |
|---|---|---|---|---|
| AZT501.1 | User Account Manipulation | An adverary may manipulate a user account to maintain access in an Azure tenant | microsoft.directory/users/password/update | Azure Active Directory |
| microsoft.directory/users/enable | ||||
| microsoft.directory/users/restore | ||||
| AZT501.2 | Service Principal Manipulation | An adverary may manipulate a service principal to maintain access in an Azure tenant | microsoft.directory/servicePrincipals/enable | Azure Active Directory |
| microsoft.directory/servicePrincipals/credentials/update | ||||
| microsoft.directory/servicePrincipals/owners/update | ||||
| AZT501.3 | Azure VM Local Administrator Manipulation | An adverary may manipulate the local admin account on an Azure VM | microsoft.compute/virtualMachines/extensions/write | Azure Virtual Machine |