Benchmark: 1.1 Security Defaults
Overview
IMPORTANT: The Azure "Security Defaults" recommendations represent an entry-level set of recommendations which will be relevant to organizations and tenants that are either just starting to use Azure or are only utilizing a bare minimum feature set such as the freely licensed tier of Microsoft Entra ID. Security Defaults recommendations are intended to ensure that these entry-level use cases are still capable of establishing a strong baseline of secure configuration.
If your subscription is licensed to use Microsoft Entra ID P1 or P2, it is strongly recommended that the "Security Defaults" section (this section and the recommendations therein) be bypassed in favor of the use of "Conditional Access."
Usage
Install the mod:
mkdir dashboardscd dashboardspowerpipe mod initpowerpipe mod install github.com/turbot/steampipe-mod-azure-complianceStart the Powerpipe server:
steampipe service startpowerpipe serverOpen http://localhost:9033 in your browser and select 1.1 Security Defaults.
Run this benchmark in your terminal:
powerpipe benchmark run azure_compliance.benchmark.cis_v210_1_1Snapshot and share results via Turbot Pipes:
powerpipe benchmark run azure_compliance.benchmark.cis_v210_1_1 --shareControls
- 1.1.1 Ensure Security Defaults is enabled on Microsoft Entra ID
- 1.1.2 Ensure that 'Multi-Factor Auth Status' is 'Enabled' for all Privileged Users
- 1.1.3 Ensure that 'Multi-Factor Auth Status' is 'Enabled' for all Non-Privileged Users
- 1.1.4 Ensure that 'Allow users to remember multi-factor authentication on devices they trust' is Disabled