services / Azure / Web app backup configuration
An Azure App Service site (Web App, Function App, or Logic App Standard) is a managed hosting resource that runs an organization's application code, often with an attached managed identity, app settings/connection strings, and a public-facing endpoint.
Production application hosting for a single organizational function; can hold secrets in app settings, run code under a managed identity, and serve public traffic.
Microsoft.Web/Sites/backup/write
Updating the backup configuration lets an attacker disable backups, alter the schedule, or redirect backups to attacker-controlled storage, manipulating a recovery-oriented operational control.
Risks
Scope: MEDIUM
This privilege may grant access to confidential data, or its exploit can incur operational cost.
Links
Contributed by P0 Security
© 2023–present P0 Security and contributors to the IAM Privilege Catalog