This article applies to BHCE and BHE

Any principal granted the Avere Contributor role, scoped to the affected VM, can reset the built-in administrator password on the VM.

Abuse Info

The Avere Contributor role allows you to run SYSTEM commands on the VM

Via PowerZure:

Opsec Considerations

Because you’ll be running a command as the SYSTEM user on the Virtual Machine, the same opsec considerations for running malicious commands on any system should be taken into account: command line logging, PowerShell script block logging, EDR, etc.