Control: 1.11 Ensure that 'Users can register applications' is set to 'No'
Description
Require administrators to register third-party applications.
It is recommended to let administrator register custom-developed applications. This ensures that the application undergoes a security review before exposing active directory data to it.
Remediation
From Console
- Log in to Azure Active Directory
- Go to
Users - Go to
User settingsin side bar - Set
Users can register applicationsto No
Note: By default, Users can add gallery apps to their Access Panel is set to 'No'.
Usage
Run the control in your terminal:
powerpipe control run azure_compliance.control.cis_v140_1_11Snapshot and share results via Turbot Pipes:
powerpipe loginpowerpipe control run azure_compliance.control.cis_v140_1_11 --shareSQL
This control uses a named query:
select 'active_directory' as resource, 'info' as status, 'Manual verification required.' as reason;