> ## Documentation Index
> Fetch the complete documentation index at: https://bloodhound.specterops.io/llms.txt
> Use this file to discover all available pages before exploring further.

# AZCloudAppAdmin

> The principal has the Cloud Application Administrator Entra ID role active and can control tenant-resident apps.

<img noZoom src="https://mintcdn.com/specterops/tTIczgde9H07oLXf/assets/enterprise-AND-community-edition-pill-tag.svg?fit=max&auto=format&n=tTIczgde9H07oLXf&q=85&s=ad49a576589f4d2a8081df77d07fdf56" alt="Applies to BloodHound Enterprise and CE" width="482" height="45" data-path="assets/enterprise-AND-community-edition-pill-tag.svg" />

## Abuse Info

Create a new credential for the app, then authenticate to the tenant as the app’s service principal, then abuse whatever privilege it is that the service principal has.

## Opsec Considerations

The Azure portal will create a log even whenever a new credential is created for a service principal.

## References

* [Microsoft Entra built-in roles: Cloud Application Administrator](https://learn.microsoft.com/en-us/entra/identity/role-based-access-control/permissions-reference#cloud-application-administrator)
* [https://dirkjanm.io/azure-ad-privilege-escalation-application-admin/](https://dirkjanm.io/azure-ad-privilege-escalation-application-admin/)