> ## Documentation Index > Fetch the complete documentation index at: https://bloodhound.specterops.io/llms.txt > Use this file to discover all available pages before exploring further. # AZMGGrantRole > This edge is created during post-processing. Applies to BloodHound Enterprise and CE It is created against all Entra ID admin roles when a Service Principal has the following MS Graph app role assignment: * RoleManagement.ReadWrite.Directory This privilege allows the Service Principal to promote itself or any other principal to any Entra ID admin role, including Global Administrator. ## Abuse Info To abuse this privilege, you can promote a principal you control to Global Administrator using BARK’s New-EntraRoleAssignment. This function requires you to supply an MS Graph-scoped JWT associated with the Service Principal that has the privilege to grant Entra ID admin roles. There are several ways to acquire a JWT. For example, you may use BARK’s Get-MSGraphTokenWithClientCredentials to acquire an MS Graph-scoped JWT by supplying a Service Principal Client ID and secret: ```bash theme={null} $MGToken = Get-MSGraphTokenWithClientCredentials ` -ClientID "34c7f844-b6d7-47f3-b1b8-720e0ecba49c" ` -ClientSecret "asdf..." ` -TenantName "contoso.onmicrosoft.com" ``` Then use BARK’s New-EntraRoleAssignment function to grant the Entra ID role to your target principal: ```bash theme={null} New-EntraRoleAssignment ` -PrincipalID "6b6f9289-fe92-4930-a331-9575e0a4c1d8" ` -RoleDefinitionId "62e90394-69f5-4237-9190-012177145e10" ` -Token $MGToken ``` If successful, the output will include the principal ID, the role ID, and a unique ID for the role assignment. ## Opsec Considerations When you assign an Entra ID admin role to a principal using this privilege, the Azure Audit log will create an event called “Add member to role outside of PIM (permanent)”. ## References * [https://attack.mitre.org/techniques/T1098/](https://attack.mitre.org/techniques/T1098/) * [https://posts.specterops.io/azure-privilege-escalation-via-service-principal-abuse-210ae2be2a5](https://posts.specterops.io/azure-privilege-escalation-via-service-principal-abuse-210ae2be2a5) * [https://github.com/BloodHoundAD/BARK](https://github.com/BloodHoundAD/BARK) * [https://specterops.io/blog/2023/04/18/introducing-bloodhound-4-3-get-global-admin-more-often/](https://specterops.io/blog/2023/04/18/introducing-bloodhound-4-3-get-global-admin-more-often/)