From 64e6b1836938268479e1e9f524a6474ae5c3c827 Mon Sep 17 00:00:00 2001 From: Carlos Polop Date: Fri, 9 May 2025 14:41:08 +0200 Subject: [PATCH] clarification --- .../az-oauth-apps-phishing.md | 3 +++ 1 file changed, 3 insertions(+) diff --git a/src/pentesting-cloud/azure-security/az-unauthenticated-enum-and-initial-entry/az-oauth-apps-phishing.md b/src/pentesting-cloud/azure-security/az-unauthenticated-enum-and-initial-entry/az-oauth-apps-phishing.md index f0bd65c4e..114e107ed 100644 --- a/src/pentesting-cloud/azure-security/az-unauthenticated-enum-and-initial-entry/az-oauth-apps-phishing.md +++ b/src/pentesting-cloud/azure-security/az-unauthenticated-enum-and-initial-entry/az-oauth-apps-phishing.md @@ -87,6 +87,9 @@ The attack involves several steps targeting a generic company. Here's how it mig
+>[!WARNING] +> It's also possibel to request permissions to other APIs that are not Graph API, like `Azure Service Management API`, `Azure Vault`, `Azure Storage`, etc. For example, the scope `https://management.azure.com/user_impersonation` will allow the application to access the Azure Management API on behalf of the user. + 4. **Execute the web page (**[**azure_oauth_phishing_example**](https://github.com/carlospolop/azure_oauth_phishing_example)**)** that asks for the permissions: ```bash
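Review bot: the added warning has a typo, "possibel" should read "possible", and "Azure Vault" should be "Azure Key Vault", which is the name the consent prompt will display to the victim. The `https://management.azure.com/user_impersonation` example is correct for the Azure Service Management API, but since `user_impersonation` is a delegated permission it is worth one sentence saying the resulting token only carries the RBAC rights the consenting user already has, so the phishing payoff depends on who consents; a suggested wording is "the app can call the Azure Management API with the same permissions the consenting user holds". Listing the equivalent scope for the other APIs named in the warning, rather than only the management one, would also make the note actionable.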