standard
turbot/azure_compliance

Trigger: Detect & correct Tenants with guest users

Detect tenants with guest users.

Query

with distinct_tenant as (
  select
    distinct tenant_id,
    subscription_id,
    _ctx
  from
    azure_tenant
)
select
  concat(display_name, ' [', u.tenant_id, ']') as title,
  u.tenant_id,
  u.user_principal_name as user_principal_name,
  account_enabled,
  extract(
    day
    from
      current_timestamp - u.created_date_time :: timestamp
  ),
  u._ctx ->> 'connection_name' as conn
from
  azuread_user as u
  left join distinct_tenant as t on t.tenant_id = u.tenant_id
where
  u.user_type = 'Guest';

Schedule

15m

Tags

category = Compliance
plugin = azure
service = Azure/IAM