🚀Launch Week 07, January 27th - 31st, 2025🚀
Powerpipe Hub 
Hub
Mods
turbot/steampipe-mod-azure-compliance
Overview
13Dashboards
1311Benchmarks
430Queries
2Variables
GitHub

Control: Cognitive Services accounts should have local authentication methods disabled

Description

Disabling local authentication methods improves security by ensuring that Cognitive Services accounts require Azure Active Directory identities exclusively for authentication.

Usage

Run the control in your terminal:

powerpipe control run azure_compliance.control.cognitive_service_local_auth_disabled

Snapshot and share results via Turbot Pipes:

powerpipe login
powerpipe control run azure_compliance.control.cognitive_service_local_auth_disabled --share

SQL

This control uses a named query:

select
  a.id as resource,
  case
    when disable_local_auth then 'ok'
    else 'alarm'
  end as status,
  case
    when disable_local_auth then a.name || ' account local authentication enabled.'
    else a.name || ' account local authentication disabled.'
  end as reason
  
  , a.resource_group as resource_group
  , sub.display_name as subscription
from
  azure_cognitive_account a,
  azure_subscription sub;

Tags

nist_sp_800_171_rev_2 = true
nist_sp_800_53_rev_5 = true
service = Azure/CognitiveServices