AZOwner

This article applies to BHCE and BHE

The principal is granted the Owner role on the resource.

AZOwner targets resources in AzureRM (for example AZResourceGroup, AZSubscription, and AZVM) through a role assignment called "Owner".

Note: The edges AZOwner and AZOwns are distinct. Each applies to its own identity and access management platform (AzureRM and Entra ID respectively), with distinct mechanics, abuse primitives, and remediation steps.
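For defenders auditing this edge, the following added example (not part of the BloodHound documentation or code) lists direct Owner role assignments by target kind and resolves who holds Owner on a given resource. It goes beyond the text above by also counting assignments inherited from a parent scope, and it assumes input in the shape of `az role assignment list --all` output; the sample rows, names, and subscription ID are constructed.

```python
import re

OWNER_GUID = "8e3af657-a8ff-443c-a75c-2fe8c4bcb635"        # built-in Owner role
CONTRIBUTOR_GUID = "b24988ac-6180-42a0-ab88-20f7382dd24c"  # built-in Contributor role
SUB = "/subscriptions/00000000-0000-0000-0000-000000000001"  # constructed ID
RG = SUB + "/resourceGroups/rg-app"
VM = RG + "/providers/Microsoft.Compute/virtualMachines/vm1"

def _row(name, role_guid, scope):
    role_id = f"{SUB}/providers/Microsoft.Authorization/roleDefinitions/{role_guid}"
    return {"principalName": name, "roleDefinitionId": role_id, "scope": scope}

# Constructed sample shaped like `az role assignment list --all` output (fields reduced).
SAMPLE = [
    _row("alice@example.com", OWNER_GUID, SUB),
    _row("build-sp", OWNER_GUID, RG),
    _row("bob@example.com", CONTRIBUTOR_GUID, RG),
    _row("carol@example.com", OWNER_GUID, VM),
    _row("dave@example.com", OWNER_GUID, SUB + "/resourceGroups/rg-other"),
]

KINDS = [  # scope patterns for the node kinds the page names
    ("AZSubscription", r"/subscriptions/[^/]+"),
    ("AZResourceGroup", r"/subscriptions/[^/]+/resourceGroups/[^/]+"),
    ("AZVM", r"/subscriptions/[^/]+/resourceGroups/[^/]+/providers/Microsoft\.Compute/virtualMachines/[^/]+"),
]

def scope_kind(scope):
    s = scope.rstrip("/")
    return next((k for k, p in KINDS if re.fullmatch(p, s, re.IGNORECASE)), "Other")

def is_owner(a):
    # Match on the role definition GUID rather than the display name.
    return a["roleDefinitionId"].lower().endswith("/" + OWNER_GUID)

def owner_edges(assignments):
    """(principal, target kind, scope) for every direct Owner assignment."""
    return [(a["principalName"], scope_kind(a["scope"]), a["scope"])
            for a in assignments if is_owner(a)]

def effective_owners(assignments, resource_id):
    """Principals holding Owner on resource_id directly or through a parent scope.
    Management-group scopes are not resolved here; that needs the group hierarchy."""
    target = resource_id.rstrip("/").lower()
    def covers(scope):
        s = scope.rstrip("/").lower()
        return target == s or target.startswith(s + "/")
    return sorted({a["principalName"] for a in assignments
                   if is_owner(a) and covers(a["scope"])})
```

Calling `effective_owners(SAMPLE, VM)` returns the principals to review for that virtual machine, including those whose Owner assignment sits on the enclosing resource group or subscription.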

Abuse Info

An Owner can do everything a Contributor can do and can additionally assign rights to resources. Object ownership means almost all abuses are possible against the target object.

Opsec Considerations

This depends on which abuse you perform, but in general Azure will create a log for each abuse action.
