turbot/azure_compliance

Control: 1.1 Ensure that multi-factor authentication is enabled for all privileged users

Description

Enable multi-factor authentication for all user credentials who have write access to Azure resources. These include roles like:

  • Service Co-Administrators
  • Subscription Owners
  • Contributors

Multi-factor authentication requires an individual to present a minimum of two separate forms of authentication before access is granted. Multi-factor authentication provides additional assurance that the individual attempting to gain access is who they claim to be. With multi-factor authentication, an attacker would need to compromise at least two different authentication mechanisms, increasing the difficulty of compromise and thus reducing the risk.

Note: By default, multi-factor authentication is disabled for all users.

Remediation

From Console

  1. Log in to Azure Active Directory
  2. Go to Users
  3. Go to All Users
  4. Click on Multi-Factor Authentication button on the top bar
  5. Ensure that MULTI-FACTOR AUTH STATUS is Enabled for all users who are Service Co-Administrators OR Owners OR Contributors.

To enable MFA, follow Microsoft Azure documentation and setup multi-factor authentication in your environment.

Usage

Run the control in your terminal:

powerpipe control run azure_compliance.control.cis_v130_1_1

Snapshot and share results via Turbot Pipes:

powerpipe login
powerpipe control run azure_compliance.control.cis_v130_1_1 --share

SQL

This control uses a named query:

ad_manual_control

Tags