standard
turbot/azure_cis
Get Involved
Version
Pipeline: 2.20 Ensure that 'Owners can manage group membership requests in the Access Panel' is set to 'No'
Description
Restrict security group management to administrators only.
Restricting security group management to administrators only prohibits users from making changes to security groups. This ensures that security groups are appropriately managed and their management is not delegated to non-administrators.
Remediation
From Azure Portal
- From Azure Home select the Portal Menu.
- Select
Microsoft Entra ID
. - Under
Manage
, selectGroups
. - Under
Settings
, selectGeneral
. - Under
Self Service Group Management
, setOwners can manage group membership requests in My Groups
toNo
. - Click
Save
.
Default Value
By default, Owners can manage group membership requests in My Groups
is set to No
.
Run the pipeline
To run this pipeline from your terminal:
flowpipe pipeline run azure_cis.pipeline.cis_v300_2_20
Use this pipeline
To call this pipeline from your pipeline, use a step:
step "pipeline" "step_name" { pipeline = azure_cis.pipeline.cis_v300_2_20 }
Params
Name | Type | Required | Description | Default |
---|---|---|---|---|
database | connection.steampipe | Yes | Database connection string. | connection.steampipe.default |
notifier | notifier | Yes | The name of the notifier to use for sending notification messages. | notifier.default |
notification_level | string | Yes | The verbosity level of notification messages to send. Valid options are 'verbose', 'info', 'error'. | info |
approvers | list(notifier) | Yes | List of notifiers to be used for obtaining action/approval decisions. | notifier.default |
Outputs
This pipeline has no outputs.
Tags
folder = CIS v3.0.0/2 Identity