Benchmark: 1.1 Security Defaults

Overview

The Azure "Security Defaults" recommendations represent an entry-level set of recommendations which will be relevant to organizations and tenants that are either just starting to use Azure as an IaaS solution, or are only utilizing a bare minimum feature set such as the freely licensed tier of Azure Active Directory. Security Defaults recommendations are intended to ensure that these entry-level use cases are still capable of establishing a strong baseline of secure configuration.

Usage

Install the mod:

mkdir dashboards
cd dashboards
powerpipe mod init
powerpipe mod install github.com/turbot/steampipe-mod-azure-compliance

Start the Powerpipe server:

steampipe service start
powerpipe server

Open http://localhost:9033 in your browser and select 1.1 Security Defaults.

Run this benchmark in your terminal:

powerpipe benchmark run azure_compliance.benchmark.cis_v150_1_1

Snapshot and share results via Turbot Pipes:

powerpipe benchmark run azure_compliance.benchmark.cis_v150_1_1 --share

Controls

• 1.1.1 Ensure Security Defaults is enabled on Azure Active Directory
• 1.1.2 Ensure that 'Multi-Factor Auth Status' is 'Enabled' for all Privileged Users
• 1.1.3 Ensure that 'Multi-Factor Auth Status' is 'Enabled' for all Non-Privileged Users
• 1.1.4 Ensure that 'Restore multi-factor authentication on all remembered devices' is Enabled

Tags