services / Azure / DNS MX record set
Azure DNS MX record set defining the mail-exchange servers that handle inbound email for the domain. Controls public mail routing for the domain.
Write access reroutes inbound mail to attacker-controlled servers (mail-flow hijack); delete denies inbound email.
Microsoft.Network/dnszones/MX/delete
Deleting the MX record set removes mail routing for the domain, destroying a network component and denying inbound email delivery.
Risks
Scope: HIGH
This privilege may grant access to sensitive data from a single organizational function, or allow interruption of a service supporting a single organizational function.
Links
Contributed by P0 Security
© 2023–present P0 Security and contributors to the IAM Privilege Catalog