
Administrative Units

Administrative units are a commonly used Azure feature that enables scoped administration. We can think of them as a bit like organizational units in on-premises Active Directory environments, which can have group policies applied to them. Compromising a user who is able to update user profile values such as job title can allow us to increase our privileges by abusing security groups that have dynamic membership rules configured.
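A defender-side check for the condition described above, as an added example that is not part of the original page: it scans group objects for security groups whose dynamic membership rule depends on a profile attribute. The group records are constructed sample data using Microsoft Graph's group property names, and every attribute in the editable set other than job title is an assumption to tune per tenant.

```python
import re

# Assumption: profile attributes a delegated administrator can edit. The page
# names job title; the rest are illustrative and should be tuned per tenant.
PROFILE_EDITABLE = {"jobtitle", "department", "companyname", "officelocation", "city"}

# Property references inside a dynamic membership rule, e.g. user.jobTitle
PROP_RE = re.compile(r"\buser\.([A-Za-z0-9_]+)")


def editable_attributes(rule, editable=PROFILE_EDITABLE):
    """Return the user properties in a rule that are in the editable set."""
    return sorted({p for p in PROP_RE.findall(rule or "") if p.lower() in editable})


def audit_dynamic_groups(groups, editable=PROFILE_EDITABLE):
    """Flag security groups whose dynamic membership hinges on editable attributes."""
    findings = []
    for group in groups:
        if "DynamicMembership" not in (group.get("groupTypes") or []):
            continue  # assigned (static) membership, no rule to satisfy
        if not group.get("securityEnabled"):
            continue  # the page concerns security groups only
        hits = editable_attributes(group.get("membershipRule"), editable)
        if hits:
            findings.append({"group": group["displayName"], "attributes": hits})
    return findings


# Constructed sample data, not taken from any real tenant.
SAMPLE_GROUPS = [
    {"displayName": "Helpdesk-Operators", "securityEnabled": True,
     "groupTypes": ["DynamicMembership"],
     "membershipRule": '(user.jobTitle -eq "Helpdesk") and (user.accountEnabled -eq true)'},
    {"displayName": "All-Enabled-Users", "securityEnabled": True,
     "groupTypes": ["DynamicMembership"],
     "membershipRule": "(user.accountEnabled -eq true)"},
    {"displayName": "Finance-Static", "securityEnabled": True,
     "groupTypes": [], "membershipRule": None},
    {"displayName": "Sales-Newsletter", "securityEnabled": False,
     "groupTypes": ["Unified", "DynamicMembership"],
     "membershipRule": '(user.department -eq "Sales")'},
]

if __name__ == "__main__":
    for finding in audit_dynamic_groups(SAMPLE_GROUPS):
        print(f"{finding['group']}: rule depends on {', '.join(finding['attributes'])}")
```

Groups flagged this way are candidates for assigned membership or for a rule keyed to an attribute that scoped administrators cannot write.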
