Skip to content
TheCloud.Events

Microsoft.Authorization/locks/delete

CSP: Azure
Tactics:
Defense Evasion
Techniques:
T1562
Tags:
Azure Authorization

Event

Deletes a resource lock, removing protection against deletion or modification of critical resources.

Security Context

  • Resource locks are a safeguard that prevents accidental or malicious deletion and modification of critical Azure resources; removing them is a prerequisite for destructive actions.
  • Adversaries delete resource locks to clear the path for resource deletion, configuration changes, or data destruction that would otherwise be blocked by the lock.

Log Source

Azure Activity Log

Sample Event

MITRE ATT&CK Mapping

Tactics: Defense Evasion

Techniques:
  • T1562 — Impair Defenses — Adversaries may maliciously modify components of a victim environment in order to hinder or disable defensive mechanisms. This not only involves impairing preventative defenses, such as firewalls and anti-virus, but also detection capabilities that defenders can use to audit activity and identify...