azuread_account_provisioning_activity_report_reviewedazuread_admin_consent_workflow_enabledazuread_admin_user_mfa_enabledazuread_all_user_mfa_enabledazuread_audit_log_search_enabledazuread_authorization_policy_accessing_company_data_not_allowedazuread_global_admin_range_restrictedazuread_group_not_publicazuread_guest_user_infoazuread_legacy_authentication_disabledazuread_microsoft_azure_management_limited_to_administrative_rolesazuread_password_protection_enabledazuread_risky_sign_ins_reportazuread_security_default_disabledazuread_signin_frequency_policyazuread_signin_risk_policyazuread_third_party_application_not_allowedazuread_user_password_not_set_to_expireazuread_user_risk_policyazuread_user_sspr_enabledmicrosoft365_calendar_sharing_disabled
Query: azuread_account_provisioning_activity_report_reviewed
Usage
powerpipe query microsoft365_compliance.query.azuread_account_provisioning_activity_report_reviewedSteampipe Tables
SQL
select id as resource, 'info' as status, case when (initiated_by -> 'user') is not null then initiated_by -> 'user' ->> 'userPrincipalName' || ' was added on ' || date_trunc('day', activity_Date_Time)::date when (initiated_by -> 'app') is not null then initiated_by -> 'app' ->> 'displayName' || ' was added on ' || date_trunc('day', activity_Date_Time)::date || '.' end as reason , tenant_id as tenant_idfrom azuread_directory_audit_reportwhere activity_display_name = 'Add user';
Controls
The query is being used by the following controls:
- 5.10 Ensure the Account Provisioning Activity report is reviewed at least weekly
- 5.9 Ensure the Account Provisioning Activity report is reviewed at least weekly
- 5.10 Ensure the Account Provisioning Activity report is reviewed at least weekly
- 2.3.1 Ensure the Account Provisioning Activity report is reviewed at least weekly