Azure SQL Managed Instance DNS alias
A friendly, CNAME-style DNS name that maps to an Azure SQL Managed Instance endpoint, allowing clients to connect using a stable alias rather than the instance's native hostname.
Controlling an alias controls where client connection traffic for a database endpoint resolves; aliases can be transferred (acquired) between instances.
Microsoft.Sql/managedInstances/dnsAliases/acquire/action
Acquiring an alias from another managed instance repoints that DNS name to the attacker's instance. Client traffic destined for the legitimate database is hijacked, so the attacker can intercept it or impersonate the database.
Risks
Scope: HIGH
This privilege may grant access to sensitive data from a single organizational function, or allow interruption of a service supporting a single organizational function.
Contributed by P0 Security
© 2023–present P0 Security and contributors to the IAM Privilege Catalog