turbot/azure_compliance

Control: 1.1 Ensure that multi-factor authentication status is enabled for all privileged users

Description

Enable multi-factor authentication for all users whose credentials have write access to Azure resources. These include roles like:

  • Service Co-Administrators
  • Subscription Owners
  • Contributors

Multi-factor authentication requires an individual to present a minimum of two separate forms of authentication before access is granted. Multi-factor authentication provides additional assurance that the individual attempting to gain access is who they claim to be. With multi-factor authentication, an attacker would need to compromise at least two different authentication mechanisms, increasing the difficulty of compromise and thus reducing the risk.

Note: By default, multi-factor authentication is disabled for all users.

Remediation

From Console

  1. Log in to Azure Active Directory
  2. Go to Users
  3. Go to All Users
  4. Click on Multi-Factor Authentication button on the top bar
  5. Ensure that MULTI-FACTOR AUTH STATUS is Enabled for all users who are Service Co-Administrators OR Owners OR Contributors.

To enable MFA, follow the Microsoft Azure documentation and set up multi-factor authentication in your environment.
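The check in step 5 (every Service Co-Administrator, Owner or Contributor must have MFA enabled) can also be evaluated offline against exported data. The script below is an added example, not part of the azure_compliance mod or its named query; it runs on constructed sample records whose field names (principalName, roleDefinitionName, userPrincipalName, isMfaRegistered) are assumptions loosely modelled on Azure role-assignment and Microsoft Graph registration output rather than verbatim API responses. A privileged user with no MFA record at all is reported as alarm, so the check fails closed.

```python
"""Flag privileged Azure users who do not have MFA registered.

Added example with constructed sample data; the JSON field names are
assumptions, not a verbatim Azure or Microsoft Graph response.
"""
import json

# Roles the control treats as privileged (taken from the control description).
PRIVILEGED_ROLES = {"Service Co-Administrator", "Owner", "Contributor"}

# Constructed sample: one record per role assignment.
ROLE_ASSIGNMENTS_JSON = """
[
  {"principalName": "alice@contoso.example", "roleDefinitionName": "Owner"},
  {"principalName": "bob@contoso.example",   "roleDefinitionName": "Contributor"},
  {"principalName": "bob@contoso.example",   "roleDefinitionName": "Reader"},
  {"principalName": "carol@contoso.example", "roleDefinitionName": "Reader"},
  {"principalName": "dave@contoso.example",  "roleDefinitionName": "Service Co-Administrator"},
  {"principalName": "erin@contoso.example",  "roleDefinitionName": "Owner"}
]
"""

# Constructed sample: per-user MFA registration status. Note that erin has
# no record at all, which the check must not silently treat as compliant.
MFA_STATUS_JSON = """
[
  {"userPrincipalName": "alice@contoso.example", "isMfaRegistered": true},
  {"userPrincipalName": "bob@contoso.example",   "isMfaRegistered": false},
  {"userPrincipalName": "carol@contoso.example", "isMfaRegistered": false},
  {"userPrincipalName": "dave@contoso.example",  "isMfaRegistered": false}
]
"""


def privileged_users(assignments):
    """Principals holding at least one privileged role (deduplicated)."""
    return {
        a["principalName"]
        for a in assignments
        if a["roleDefinitionName"] in PRIVILEGED_ROLES
    }


def mfa_registered_users(status_records):
    """Principals whose status record explicitly reports MFA as registered."""
    return {r["userPrincipalName"] for r in status_records if r.get("isMfaRegistered") is True}


def evaluate(assignments, status_records):
    """Return (alarm, ok) as sorted lists, mirroring a control's alarm/ok statuses.

    alarm: privileged users without a positive MFA record (missing record included)
    ok:    privileged users with MFA registered
    Non-privileged users are out of scope and are not reported either way.
    """
    privileged = privileged_users(assignments)
    registered = mfa_registered_users(status_records)
    return sorted(privileged - registered), sorted(privileged & registered)


def evaluate_json(assignments_json, status_json):
    """Convenience wrapper taking the two JSON documents as strings."""
    return evaluate(json.loads(assignments_json), json.loads(status_json))


if __name__ == "__main__":
    alarm, ok = evaluate_json(ROLE_ASSIGNMENTS_JSON, MFA_STATUS_JSON)
    for upn in ok:
        print(f"ok     {upn}")
    for upn in alarm:
        print(f"alarm  {upn}")
```

Running the script on the sample data reports alice as ok and bob, dave and erin as alarm; carol holds only Reader and is not reported. Swap the two JSON strings for real exports to reuse the same logic.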

Usage

Run the control in your terminal:

powerpipe control run azure_compliance.control.cis_v140_1_1

Snapshot and share results via Turbot Pipes:

powerpipe login
powerpipe control run azure_compliance.control.cis_v140_1_1 --share

SQL

This control uses a named query:

ad_manual_control

Tags