Azure’s Hidden Operators: A Threat Model for Platform-Level Managed Identities by Kat Traxler
ID: e456b66c-8b8a-5b38-bd00-9708e754bda2
STIX ID: report--e456b66c-8b8a-5b38-bd00-9708e754bda2
Feed Name: Vectra AI Blog
This report defines and threat-models Azure "Platform-Level Managed Identities" — provider-owned, multi-tenant identities used by Azure resource providers — and details a Binary Security case where a path-traversal flaw in the API Connection proxy allowed any user with Reader access to coerce the PLMI to retrieve secrets and data (Key Vault, SQL, Jira, Salesforce, Storage) across tenant boundaries. The write-up explains the confused-deputy attack pattern, why customer-side controls are limited, the mitigations applied (provider-side fixes and RBAC approval limits), and the broader systemic risk of globally scoped, provider-managed identities.
