turbot/microsoft365_compliance

Query: azuread_authorization_policy_accessing_company_data_not_allowed

Usage

powerpipe query microsoft365_compliance.query.azuread_authorization_policy_accessing_company_data_not_allowed

SQL

select
tenant_id || '/' || id as resource,
case
when jsonb_array_length(default_user_role_permissions -> 'permissionGrantPoliciesAssigned') = 0 then 'ok'
else 'alarm'
end as status,
case
when jsonb_array_length(default_user_role_permissions -> 'permissionGrantPoliciesAssigned') = 0 then tenant_id || ' which is ' || lower(split_part(description, '.', 1)) || ' does not have Permission Grant Policies assigned.'
else tenant_id || ' which is ' || lower(split_part(description, '.', 1)) || ' have Permission Grant Policies assigned.'
end as reason
, tenant_id as tenant_id
from
azuread_authorization_policy;

Controls

The query is being used by the following controls: