
# AZAddOwner

> This edge is created during post-processing.

Applies to BloodHound Enterprise and CE

It is created against all App Registrations and Service Principals within the same tenant when an Azure principal has one of the following Entra ID roles:

* Hybrid Identity Administrator
* Partner Tier1 Support
* Partner Tier2 Support
* Directory Synchronization Accounts

These privileges are not visible when you audit permissions on any of the objects above with Microsoft tooling, including the Azure portal and any Microsoft API.

## Abuse Info

You can use BARK to add a new owner to the target object. The BARK function you use will depend on the target object type, but all of the functions follow a similar syntax.

These functions require you to supply an MS Graph-scoped JWT associated with the principal that has the privilege to add a new owner to your target object. There are several ways to acquire a JWT. For example, you may use BARK’s Get-GraphTokenWithRefreshToken to acquire an MS Graph-scoped JWT by supplying a refresh token:

```powershell theme={null}
# Exchange a refresh token for an MS Graph-scoped JWT; reuse $MGToken below
$MGToken = Get-GraphTokenWithRefreshToken `
    -RefreshToken "0.ARwA6WgJJ9X2qk..." `
    -TenantID "contoso.onmicrosoft.com"
```

To add a new owner to a Service Principal, use BARK’s New-ServicePrincipalOwner function:

```powershell theme={null}
# Adds the principal in -NewOwnerObjectId as an owner of the target Service Principal
New-ServicePrincipalOwner `
    -ServicePrincipalObjectId "082cf9b3-24e2-427b-bcde-88ffdccb5fad" `
    -NewOwnerObjectId "cea271c4-7b01-4f57-932d-99d752bbbc60" `
    -Token $MGToken
```

To add a new owner to an App Registration, use BARK’s New-AppOwner function:

```powershell theme={null}
# Adds the principal in -NewOwnerObjectId as an owner of the target App Registration
New-AppOwner `
    -AppObjectId "52114a0d-fa5b-4ee5-9a29-2ba048d46eee" `
    -NewOwnerObjectId "cea271c4-7b01-4f57-932d-99d752bbbc60" `
    -Token $MGToken
```

## Opsec Considerations

Any time you add an owner to any Azure object, the Entra ID (formerly Azure AD) audit log records an event showing who added the owner, which object was modified, and which principal was added as the new owner.
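The audit-log signal described above, as an added detection example that is not BARK or BloodHound code: it pulls owner-addition events out of Entra ID audit-log records. The activity names and the record layout (modelled on Microsoft Graph `directoryAudit` objects) are assumptions, and the sample records are constructed, reusing the placeholder object IDs from this page.

```python
# Added example (not BARK or BloodHound code). Activity names and record
# layout are assumed; verify them against your tenant's audit log first.
OWNER_ADD_ACTIVITIES = {
    "Add owner to service principal": "ServicePrincipal",
    "Add owner to application": "Application",
}

# Constructed sample records; object IDs reuse the placeholders from the page.
SAMPLE_AUDIT_RECORDS = [
    {"activityDateTime": "2024-05-01T10:00:00Z",
     "activityDisplayName": "Add owner to service principal",
     "initiatedBy": {"user": {"userPrincipalName": "hybridadmin@contoso.onmicrosoft.com"}},
     "targetResources": [
         {"id": "082cf9b3-24e2-427b-bcde-88ffdccb5fad", "type": "ServicePrincipal"},
         {"id": "cea271c4-7b01-4f57-932d-99d752bbbc60", "type": "User"}]},
    {"activityDateTime": "2024-05-01T10:05:00Z",
     "activityDisplayName": "Add owner to application",
     "initiatedBy": {"app": {"displayName": "Sync Service"}},
     "targetResources": [
         {"id": "52114a0d-fa5b-4ee5-9a29-2ba048d46eee", "type": "Application"},
         {"id": "cea271c4-7b01-4f57-932d-99d752bbbc60", "type": "User"}]},
    {"activityDateTime": "2024-05-01T10:10:00Z",
     "activityDisplayName": "Update application",  # unrelated event, must be ignored
     "initiatedBy": {"user": {"userPrincipalName": "dev@contoso.onmicrosoft.com"}},
     "targetResources": [{"id": "52114a0d-fa5b-4ee5-9a29-2ba048d46eee", "type": "Application"}]},
]

def actor_of(record):
    """Identify the initiator: a user's UPN or an app's display name."""
    init = record.get("initiatedBy") or {}
    user, app = init.get("user") or {}, init.get("app") or {}
    return user.get("userPrincipalName") or app.get("displayName") or "unknown"

def extract_owner_additions(records):
    """One finding per owner-add event: who added which owner to which object."""
    findings = []
    for rec in records:
        target_type = OWNER_ADD_ACTIVITIES.get(rec.get("activityDisplayName"))
        if target_type is None:
            continue  # not an owner-addition event
        resources = rec.get("targetResources") or []
        # The first resource matching the activity's type is the object that
        # received the owner; any other target resource is the new owner.
        target = next((r for r in resources if r.get("type") == target_type), None)
        owners = [r for r in resources if r is not target]
        findings.append({"time": rec.get("activityDateTime"), "actor": actor_of(rec),
                         "target_type": target_type,
                         "target_id": target.get("id") if target else None,
                         "new_owner_id": owners[0].get("id") if owners else None})
    return findings
```

Feed `extract_owner_additions` the records returned by your audit-log export and alert on any finding whose actor holds one of the four roles listed at the top of this page.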

## References

* [https://attack.mitre.org/techniques/T1098/](https://attack.mitre.org/techniques/T1098/)
* [https://posts.specterops.io/azure-privilege-escalation-via-service-principal-abuse-210ae2be2a5](https://posts.specterops.io/azure-privilege-escalation-via-service-principal-abuse-210ae2be2a5)
* [https://github.com/BloodHoundAD/BARK](https://github.com/BloodHoundAD/BARK)
* [https://specterops.io/blog/2022/08/03/introducing-bloodhound-4-2-the-azure-refactor/](https://specterops.io/blog/2022/08/03/introducing-bloodhound-4-2-the-azure-refactor/)
