standard
turbot/azure_compliance

Trigger: Detect & correct IAM conditional access with MFA disabled

Detect IAM conditional access with MFA disabled.

Query

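with distinct_tenant as (
  select
    distinct tenant_id
  from
    azure_tenant
)
select
  concat(p.id, ' [', t.tenant_id, ']') as title,
  t.tenant_id,
  _ctx ->> 'connection_name' as conn
from
  -- No join condition: each policy is paired with every distinct tenant.
  distinct_tenant as t,
  azuread_conditional_access_policy as p
where
  -- Keep policies whose built_in_controls array does not contain "mfa".
  -- Rows where built_in_controls is NULL are not returned, because
  -- NOT applied to a NULL comparison result is still NULL.
  not p.built_in_controls @> '["mfa"]';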

Schedule

15m

Tags

category = Compliance
plugin = azure
service = Azure/IAM