With the increase in hybrid cloud adoption, that extends traditional active directory domain environments into Azure, penetration tests and red team assessments are more frequently bringing Azure tenants into the engagement scope. Attackers are often finding themselves with an initial foothold in Azure, but lacking in ideas on what an escalation path would look like. This talk will cover some of the common initial access vectors in Azure, along with a handful of escalation paths for getting full control over an Azure tenant. In addition to this, we will cover some techniques for maintaining that privileged access after an initial escalation. Finally, we will cover some of the tools that will help identify and exploit the issues outlined in this talk.