Azure Notification
Hubs Namespace Key
Service Name: Azure Notification Hubs
Service Description: Azure Notification Hubs is a push notification engine that enables sending push notifications to any platform (iOS, Android, Windows, etc.) from any backend (cloud or on-premises). It provides a scalable, cross-platform push notification infrastructure for sending millions of notifications to mobile apps.
Service Address: https://azure.microsoft.com/en-us/services/notification-hubs/
Validation Type: API Auth
IP Allow list: IP restrictions can be configured at the Azure service level using Network Security Groups and Virtual Networks.
Secret Access Scope: Grants access to manage and send notifications through a specific Azure Notification Hubs namespace. The key allows operations such as registering devices, sending notifications, and managing notification hub resources.
Secret Revokement URL: https://portal.azure.com/ (Navigate to your Notification Hubs namespace > Access policies > Select the policy > Delete)
Secret Example: Endpoint=sb://mynotificationhub.servicebus.windows.net/;SharedAccessKeyNam e=DefaultFullSharedAccessSignature;SharedAccessKey=A1B2C3D4E5F6G7H8I9J0K1L2 M3N4O5P6Q7R8S9T0=
Suspicious Activity Investigation Instructions:
- Review Azure Activity Logs for unusual operations on your Notification Hubs namespace
- Check for unexpected spikes in notification sends or device registrations
- Monitor for unauthorized changes to notification hub configurations
-
Review Azure Monitor metrics for unusual patterns in notification delivery
-
Check for notifications sent to unexpected platforms or applications
- Verify if there are any policy changes or new access policies created
Mitigation Instructions:
- Immediately regenerate the Notification Hubs namespace access key in the Azure Portal
- Navigate to your Notification Hubs namespace > Access policies > Select the affected policy
- Click on "Regenerate Key" for either the primary or secondary key that was compromised
- Update all legitimate applications with the new connection string
- Review and update IP restrictions using Azure Network Security Groups if applicable
- Enable Azure Defender for additional security monitoring
- Consider implementing Azure Private Link for your Notification Hubs to restrict network access
- Review all registered applications and remove any unauthorized registrations
- Enable diagnostic logs for better monitoring and auditing