Control: Ensure that 'security defaults' is enabled in Microsoft Entra ID
Description
Security defaults in Microsoft Entra ID make it easier to be secure and help protect your organization. Security defaults contain preconfigured security settings for common attacks.
Usage
Run the control in your terminal:
powerpipe control run azure_compliance.control.ad_security_defaults_policy_enabledSnapshot and share results via Turbot Pipes:
powerpipe loginpowerpipe control run azure_compliance.control.ad_security_defaults_policy_enabled --shareSQL
This control uses a named query:
with distinct_tenant as ( select distinct tenant_id, subscription_id, _ctx from azure_tenant)select p.id as resource, case when (p.is_enabled)::bool then 'ok' else 'alarm' end as status, case when (p.is_enabled)::bool then p.tenant_id || ' security defaults enabled.' else p.tenant_id || ' security defaults disabled.' end as reason, t.tenant_id from distinct_tenant as t, azuread_security_defaults_policy as p;