services / Azure / API policies configuration

The API-level policy configuration (XML) in Azure API Management defines the gateway's request/response processing for an API: authentication (validate-jwt), authorization, IP filtering, rate limiting, caching, and backend routing/transformation.

Policy XML is the gateway's security and routing enforcement layer. It may reference named values (secrets), but read access returns those as references, not as decrypted secret material.


Microsoft.ApiManagement/service/apis/Policies/delete

Deleting the API policy strips whatever protections it enforced (authentication, authorization, IP filtering, rate limiting), weakening the gateway's defenses and altering how requests to the API are processed.

Risks

Scope: HIGH

This privilege may grant access to sensitive data from a single organizational function, or allow interruption of a service supporting a single organizational function.

Links

  • https://azure.permissions.cloud/iam/Microsoft.ApiManagement
  • https://learn.microsoft.com/en-us/azure/role-based-access-control/resource-provider-operations
  • Contributed by P0 Security

    © 2023–present P0 Security and contributors to the IAM Privilege Catalog