services / Azure / Front Door frontend endpoints
A Front Door frontend endpoint defines the public hostnames/custom domains and TLS configuration that the Azure Front Door edge answers for.
Frontend endpoints are the public ingress/domain binding of the edge; controlling them governs domain routing and the public-facing presence of an application.
Microsoft.Network/frontDoors/frontendEndpoints/write
Creating/updating a frontend endpoint binds/alters the custom domains/hostnames Front Door answers for, enabling domain/subdomain hijack and alteration of the public-facing surface.
Risks
Scope: HIGH
This privilege may grant access to sensitive data from a single organizational function, or allow interruption of a service supporting a single organizational function.
Links
Contributed by P0 Security
© 2023–present P0 Security and contributors to the IAM Privilege Catalog