services / Azure / Azure SQL Data Sync Agent
SQL Data Sync agent registered on an Azure SQL logical server, bridging on-premises/hybrid databases into Data Sync groups for cross-database replication.
Supporting data-replication infrastructure; the registration key is a credential into the sync trust boundary.
Microsoft.Sql/servers/syncAgents/generateKey/action
Generates and returns the sync agent registration key (credential material) that authenticates an agent into the Data Sync service, enabling an attacker to register a rogue agent and reach the synchronized databases.
Risks
Scope: HIGH
This privilege may grant access to sensitive data from a single organizational function, or allow interruption of a service supporting a single organizational function.
Contributed by P0 Security
© 2023–present P0 Security and contributors to the IAM Privilege Catalog