Skip to content


Persistence consists of techniques that attackers use to keep access to the storage account due to changed credentials, and other interruptions that could cut off their access. Techniques used for persistence include any access, action, or configuration changes that let them maintain their foothold on systems.

ID Name
MS-T813 Firewall and virtual networks configuration changes
MS-T808 Role-based access control permission
MS-T806 Create SAS token
MS-T807 Container access level property
MS-T809 SFTP account
MS-T830 Trusted Azure services
MS-T829 Trusted access based on a managed identity
MS-T812 Private endpoint