Azure Add App Role Assignment To Service Principal
Grants an application role to a service principal, allowing it to act with that role's permissions within the application.
Tag: Azure
Azure
All events with tag Azure.
Azure Add Application
Creates and registers a new application in Microsoft Entra ID, establishing an identity that can authenticate and request access tokens.
Azure Add Eligible Member To Role In Pim Completed
Adds a user as an eligible member for a privileged role in Azure PIM, allowing them to activate the role on demand.
Azure Add Federated Identity Credential
Adds a federated identity credential to an application, enabling secretless persistent access via workload identity federation.
Azure Add Member To Role
Directly assigns a user or service principal to an Entra ID directory role, granting that role's permissions.
Azure Add Owner To Application
Adds an owner to an Entra ID application registration, granting them management rights over the application.
Azure Add Owner To Group
Adds an owner to a group, granting the ability to modify group membership for lateral movement.
Azure Add Role Definition
Creates a new custom Azure RBAC role definition with specified allowed and denied actions.
Azure Add Service Principal
Creates a service principal in Entra ID, representing the identity instance of an application within a tenant.
Azure Add User
Creates a new user account in Microsoft Entra ID.
Azure Add Verified Domain
Adds a custom domain to a Microsoft Entra ID tenant and initiates the domain verification process.
Azure Admin Registered Security Info
Records an administrator registering authentication methods (e.g., MFA) on behalf of another user in Entra ID.
Azure Consent To Application
Records an admin or user granting an Entra ID application permission to access resources via an OAuth 2.0 consent grant.
Azure CopyBlob
Copies a blob within or between Azure Storage accounts or containers.
Azure Disable Strong Authentication
Disables multi-factor authentication for a user account, weakening authentication security.
Azure Invite External User
Sends a B2B guest invitation to an external user, granting them access to the tenant's resources.
Azure Microsoft.AppConfiguration/configurationStores/listKeys/action
Lists the access keys for an Azure App Configuration store, exposing credentials used to read or write configuration data.
Azure Microsoft.Authorization/elevateAccess/action
Global Admin elevates to User Access Administrator at root scope, granting control over all Azure subscriptions.
Azure Microsoft.Authorization/locks/delete
Deletes a resource lock, removing protection against deletion or modification of critical resources.
Azure Microsoft.Authorization/roleAssignments/delete
Deletes a role assignment, removing access for legitimate users and disrupting operations.
Azure Microsoft.Authorization/roleAssignments/write
Creates or updates an Azure RBAC role assignment, granting a principal specific permissions on a resource or scope.
Azure Microsoft.Automation/automationAccounts/credentials/read
Reads credential assets stored in an Azure Automation account, potentially exposing sensitive authentication data.
Azure Microsoft.Automation/automationAccounts/jobs/write
Creates or starts a runbook job in an Azure Automation account.
Azure Microsoft.Automation/automationAccounts/runbooks/write
Creates or updates a runbook in an Azure Automation account.
Azure Microsoft.Automation/automationAccounts/webhooks/action
Triggers an Azure Automation runbook via a webhook invocation.
Azure Microsoft.Automation/automationAccounts/webhooks/write
Creates or updates a webhook that can trigger an Azure Automation runbook remotely.
Azure Microsoft.Batch/batchAccounts/listKeys/action
Lists the access keys for an Azure Batch account, exposing credentials used to authenticate Batch API calls.
Azure Microsoft.Compute/disks/beginGetAccess/action
Generates a time-limited SAS URL to access or download the data of an Azure managed disk.
Azure Microsoft.Compute/snapshots/beginGetAccess/action
Generates a time-limited SAS URL to access or download the data from an Azure VM disk snapshot.
Azure Microsoft.Compute/sshPublicKeys/write
Creates or updates an SSH public key resource in Azure, used to authenticate to Linux virtual machines.
Azure Microsoft.Compute/virtualMachines/delete
Permanently deletes an Azure virtual machine.
Azure Microsoft.Compute/virtualMachines/extensions/write
Installs or updates a VM extension on an Azure virtual machine, which can run scripts or install software agents.
Azure Microsoft.Compute/virtualMachines/runCommand/action
Executes a script or command on an Azure VM without requiring network-based access such as SSH or RDP.
Azure Microsoft.Compute/virtualMachines/write (CustomScriptExtension)
Creates or updates an Azure VM with a Custom Script Extension, executing a script on the VM at provisioning time.
Azure Microsoft.ContainerRegistry/registries/listCredentials/action
Lists the admin credentials for an Azure Container Registry, exposing the username and password for registry access.
Azure Microsoft.ContainerService/managedClusters/listClusterAdminCredential/action
Retrieves the cluster-admin kubeconfig for an AKS cluster, granting full administrative access to the cluster.
Azure Microsoft.ContainerService/managedClusters/listClusterUserCredential/action
Retrieves the user-level kubeconfig for an AKS cluster.
Azure Microsoft.ContainerService/managedClusters/runCommand/action
Executes a command against an AKS cluster's Kubernetes API without requiring direct network connectivity to the API server.
Azure Microsoft.Directory/groups/members/update
Adds or removes members from an Entra ID security group or Microsoft 365 group.
Azure Microsoft.Directory/servicePrincipals/credentials/update
Adds or updates credentials (client secrets or certificates) for an Entra ID service principal.
Azure Microsoft.EventHub/namespaces/eventhubs/delete
Permanently deletes an Azure Event Hub entity within a namespace.
Azure Microsoft.HybridCompute/machines/extensions/delete
Removes an extension from an Azure Arc-enabled server.
Azure Microsoft.Insights/activityLogAlerts/delete
Deletes an activity log alert rule, disabling security detection and notification capabilities.
Azure Microsoft.Insights/diagnosticSettings/delete
Deletes an Azure Monitor diagnostic setting, stopping the forwarding of logs and metrics to a configured destination.
Azure Microsoft.Insights/metricAlerts/delete
Deletes an Azure Monitor metric alert rule.
Azure Microsoft.KeyVault/vaults/accessPolicies/write
Modifies Key Vault access policies, potentially granting unauthorized access to secrets, keys, and certificates.
Azure Microsoft.KeyVault/vaults/certificates/read
Reads a certificate stored in an Azure Key Vault.
Azure Microsoft.KeyVault/vaults/delete
Permanently deletes an Azure Key Vault; without soft-delete, all secrets, keys, and certificates are unrecoverable.
Azure Microsoft.KeyVault/vaults/keys/read
Reads a cryptographic key from an Azure Key Vault.
Azure Microsoft.KeyVault/vaults/secrets/delete
Deletes a secret from an Azure Key Vault.
Azure Microsoft.KeyVault/vaults/secrets/read
Reads a secret value from an Azure Key Vault.
Azure Microsoft.ManagedIdentity/userAssignedIdentities/assign/action
Assigns a user-assigned managed identity to an Azure resource, enabling it to authenticate to other Azure services.
Azure Microsoft.Network/networkSecurityGroups/delete
Deletes a network security group, removing network access controls from associated resources.
Azure Microsoft.Network/networkSecurityGroups/securityRules/write
Creates or updates a security rule in an Azure Network Security Group, controlling inbound or outbound traffic.
Azure Microsoft.Network/networkWatchers/flowLogs/delete
Deletes an NSG flow log configuration, stopping the capture of network traffic metadata for a network security group.
Azure Microsoft.Network/virtualNetworks/virtualNetworkPeerings/write
Creates or modifies a virtual network peering, enabling network connectivity for lateral movement across VNets.
Azure Microsoft.OperationalInsights/workspaces/delete
Permanently deletes a Log Analytics workspace and its stored data.
Azure Microsoft.OperationalInsights/workspaces/sharedKeys/action
Retrieves the primary and secondary access keys for a Log Analytics workspace.
Azure Microsoft.RecoveryServices/vaults/backupProtectedItems/delete
Removes a protected item from Azure Backup, stopping protection and deleting associated backup data.
Azure Microsoft.Security/alertsSuppressionRules/write
Creates or updates a suppression rule in Microsoft Defender for Cloud, hiding matching security alerts.
Azure Microsoft.Security/autoProvisioningSettings/write
Modifies auto-provisioning settings, potentially disabling automatic deployment of security monitoring agents.
Azure Microsoft.Security/pricings/write
Changes the pricing tier (plan) for Microsoft Defender for Cloud on a subscription or specific resource type.
Azure Microsoft.Security/securitySolutions/delete
Removes a security solution integrated with Microsoft Defender for Cloud.
Azure Microsoft.SerialConsole/serialPorts/connect/action
Connects to the serial console of an Azure VM, providing low-level access without requiring network connectivity.
Azure Microsoft.ServiceBus/namespaces/authorizationRules/listKeys/action
Lists the access keys for an Azure Service Bus namespace authorization rule, exposing connection strings for messaging.
Azure Microsoft.Sql/servers/databases/delete
Permanently deletes an Azure SQL Database.
Azure Microsoft.Sql/servers/databases/export/action
Exports an Azure SQL Database to a BACPAC file stored in Azure Blob Storage.
Azure Microsoft.Storage/storageAccounts/blobServices/containers/delete
Permanently deletes a blob container from an Azure Storage account.
Azure Microsoft.Storage/storageAccounts/delete
Permanently deletes an Azure Storage account and all of its data.
Azure Microsoft.Storage/storageAccounts/listKeys/action
Lists the access keys for an Azure Storage account, exposing credentials that provide full data-plane access.
Azure Microsoft.Storage/storageAccounts/regenerateKey/action
Regenerates one of the two access keys for an Azure Storage account, invalidating the previous key.
Azure Microsoft.Storage/storageAccounts/stopLogging/action
Stops logging for an Azure Storage account, disabling the collection of storage analytics logs.
Azure Microsoft.Web/sites/host/listKeys/action
Lists the host keys for an Azure App Service or Azure Functions app, exposing function-level and master access keys.
Azure Reset User Password
Resets an Entra ID user's password through an administrative action.
Azure Update Conditional Access Policy
Modifies an existing Conditional Access policy, changing the conditions or controls that govern how users authenticate.
Azure Update named location
Updates a named location definition (IP ranges or countries) used in Entra ID Conditional Access policy conditions.
Azure Update Role Definition
Modifies an existing custom Azure RBAC role definition, updating its allowed or denied actions.
Azure Update User Authentication Methods
Changes the MFA or passwordless authentication methods registered for a user in Microsoft Entra ID.
Azure VaultPatch
Updates the properties of an Azure Key Vault, such as its access policies, network rules, or soft-delete configuration.