Cross-tenant backup recovery points

A recovery point is a stored backup snapshot of a protected item at a point in time, enumerated here through a cross-tenant vault mapping. The list reveals which restorable backup copies of organizational data exist and their timestamps.

Recovery points are the actual backup data copies; restoring one exposes the underlying organizational data.


Microsoft.RecoveryServices/Vaults/backupCrossTenantVaultMappings/backupFabrics/protectionContainers/protectedItems/recoveryPoints/restore/action

Restoring a recovery point reconstitutes the full backed-up data: it can be directed to an attacker-chosen target across the tenant boundary (exfiltration), can overwrite live data via an original-location restore (manipulation), and provisions billable restore infrastructure (spend).

Risks

Scope: HIGH

This privilege may grant access to sensitive data from a single organizational function, or allow interruption of a service supporting a single organizational function.

Links

  • https://azure.permissions.cloud/iam/Microsoft.RecoveryServices
  • https://learn.microsoft.com/en-us/azure/role-based-access-control/resource-provider-operations
  • Contributed by P0 Security

    © 2023–present P0 Security and contributors to the IAM Privilege Catalog