Skip to content


The purpose of the Azure Threat Research Matrix (ATRM) is to conceptualize the known tactics, techniques, and procedures (TTP) that adversaries may use against the Azure platform. Inspired from MITRE ATT&CK, ATRM is designed to give quick insight into a potential TTP that an adversary may be using in their attack campaign. While some tactics in ATT&CK may pertain to Azure, the ATRM is meant to be specific within Azure AD and Azure Resources. The ATRM is created by Ryan Hausknecht (@haus3c) of the Microsoft EDG Raptor team.

You can read the release blog post here: