turbot/azure_compliance

Control: 1.2 Ensure that multi-factor authentication status is enabled for all non-privileged users

Description

Enable multi-factor authentication for all non-privileged users.

Multi-factor authentication requires an individual to present a minimum of two separate forms of authentication before access is granted. Multi-factor authentication provides additional assurance that the individual attempting to gain access is who they claim to be. With multi-factor authentication, an attacker would need to compromise at least two different authentication mechanisms, increasing the difficulty of compromise and thus reducing the risk.

Note: By default, multi-factor authentication is disabled for all users.

Remediation

From Console

  1. Log in to Azure Active Directory
  2. Go to Users
  3. Go to All Users
  4. Click the Multi-Factor Authentication button on the top bar
  5. Ensure that MULTI-FACTOR AUTH STATUS is Enabled for all users

To enable MFA

Follow the Microsoft Azure documentation to set up multi-factor authentication in your environment.

Usage

Run the control in your terminal:

powerpipe control run azure_compliance.control.cis_v140_1_2

Snapshot and share results via Turbot Pipes:

powerpipe login
powerpipe control run azure_compliance.control.cis_v140_1_2 --share

SQL

This control uses a named query:

ad_manual_control
