services / Azure / VM restore points
Restore points: individual point-in-time crash-consistent snapshots of a VM's OS and data disks, stored within a restore point collection.
Each restore point is a full copy of VM disk data; the snapshot data itself is reachable only via separate SAS-URI retrieval.
Microsoft.Compute/restorePointCollections/restorePoints/retrieveSasUris/action
Returns blob SAS URIs for the restore point's disk snapshots: pre-authenticated, credential-bearing tokens that allow the full contents of the VM's OS and data disks (including any secrets on disk) to be downloaded directly, outside the control plane.
Risks
Scope: HIGH
This privilege may grant access to sensitive data from a single organizational function, or allow interruption of a service supporting a single organizational function.
Contributed by P0 Security
© 2023–present P0 Security and contributors to the IAM Privilege Catalog