Microsoft publishes Azure Threat Matrix for security evaluations


Similar to the MITRE ATT&CK Framework, which is widely used in security circles, Microsoft has prepared information on potential attacks for Azure and Azure AD.


Microsoft has published the Azure Threat Research Matrix (ATRM). This is a knowledge base that contains so-called TTPs, i.e. tactics, techniques and procedures, with which potential attackers could compromise an Azure resource or the Azure Active Directory.


The model is the MITRE ATT&CK Framework, which is well known among security experts, is often used to assess the security level of companies, and provides details on how attackers proceed. In this way, dangerous configuration errors can be avoided, security gaps can be closed and defensive measures can be taken. The framework is divided according to operating systems and the various attack phases, from the first acquisition of information to initial access, spreading in the network (lateral movement), the expansion of privileges (privilege escalation) and much more.

As Ryan Hausknecht writes in the Threat Matrix announcement, the MITRE knowledge base contains no formal documentation of Azure or Azure AD-related tactics, techniques, or procedures for assessment teams to refer to. The team is now trying to close this gap. The Azure Threat Research Matrix has two objectives: to provide security professionals with a clear picture of the known TTPs in Azure and Azure AD, and to educate professionals about the potential configuration risks associated with Azure and Azure AD.


Hausknecht’s contribution provides instructions on how to understand the layout and content of the ATRM. The matrix was designed in such a way that the commands shown cannot be misused. It should be understood as a supplement to the MITRE ATT&CK matrix. The Microsoft team invites feedback on the ATRM: from new techniques to additional data, any input is welcome. The Azure Threat Research Matrix is released under the MIT license and hosted on GitHub.
