AZT507 - External Entity Access#
Adversaries may configure the target Azure tenant to be managed by another, externel tenant, or its users.
|AZT507.1||Azure Lighthouse||Adversaries may utilize Azure Lighthouse to manage the target tenant from an external tenant.||Microsoft.ManagedServices/registrationAssignments/Write||AzureAD|
|AZT507.2||Microsoft Partners||Adversaries may use Delegated Administrative Privileges to give themselves administrator access to the target tenant.||N/A||AzureAD|
|AZT507.3||Subscription Hijack||An adversary may transfer a subscription from a target tenant to an attacker-controlled tenant.||N/A||Azure Subscription|
|AZT507.4||Domain Trust Modification||An adversary may add an additional identity provider or domain to maintain a backdoor into the tenant.||N/A||AzureAD|