v1.0 for Steampipe, Powerpipe, Flowpipe, 116 plugins, and 44 mods →
Powerpipe Hub 
Hub
Mods
turbot/azure_compliance
Overview
13Dashboards
1311Controls
430Queries
2Variables
GitHub

Control: 1.2 Ensure that multi-factor authentication is enabled for all non- privileged users

Description

Enable multi-factor authentication for all non-privileged users.

Multi-factor authentication requires an individual to present a minimum of two separate forms of authentication before access is granted. Multi-factor authentication provides additional assurance that the individual attempting to gain access is who they claim to be. With multi-factor authentication, an attacker would need to compromise at least two different authentication mechanisms, increasing the difficulty of compromise and thus reducing the risk.

Note: By default, multi-factor authentication is disabled for all users.

Remediation

From Console

  1. Log in to Azure Active Directory
  2. Go to Users
  3. Go to All Users
  4. Click on Multi-Factor Authentication button on the top bar
  5. Ensure that MULTI-FACTOR AUTH STATUS is Enabled for all users

To enable MFA

Follow Microsoft Azure documentation and setup multi-factor authentication in your environment.

Usage

Run the control in your terminal:

powerpipe control run azure_compliance.control.cis_v130_1_2

Snapshot and share results via Turbot Pipes:

powerpipe login
powerpipe control run azure_compliance.control.cis_v130_1_2 --share

SQL

This control uses a named query:

ad_manual_control

Tags

category = Compliance
cis = true
cis_item_id = 1.2
cis_level = 2
cis_section_id = 1
cis_type = manual
cis_version = v1.3.0
plugin = azure
service = Azure/ActiveDirectory