turbot/steampipe-mod-azure-compliance

Control: Default to Microsoft Entra authorization should be enabled for storage accounts

Description

Enable default Microsoft Entra (Azure AD) authorization for storage accounts to improve identity and access management.

Usage

Run the control in your terminal:

powerpipe control run azure_compliance.control.storage_account_default_to_oauth_authentication

Snapshot and share results via Turbot Pipes:

powerpipe login
powerpipe control run azure_compliance.control.storage_account_default_to_oauth_authentication --share

SQL

This control uses a named query:

select
  sa.id as resource,
  case
    -- a null value is not true, so it falls through to 'alarm'
    when default_to_oauth_authentication then 'ok'
    else 'alarm'
  end as status,
  case
    when default_to_oauth_authentication then sa.name || ' default to Microsoft Entra authorization is enabled.'
    else sa.name || ' default to Microsoft Entra authorization is disabled.'
  end as reason,
  sa.resource_group as resource_group,
  sub.display_name as subscription
from
  azure_storage_account sa,
  azure_subscription sub
where
  -- attach the subscription display name to each storage account
  sub.subscription_id = sa.subscription_id;
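
The same ok/alarm decision can be applied to an ARM template before deployment. The following is an added example, not code from the mod. It assumes a template whose `resources` is a top-level array and reads the ARM property `properties.defaultToOAuthAuthentication`. The function name `check_template`, the sample account names, and the `info` status for values set by a template expression are choices made for this example.

```python
# Added example: applies the control's ok/alarm logic to an ARM template before deployment.
import json

STORAGE_TYPE = "Microsoft.Storage/storageAccounts"

# Constructed sample template (not from the mod): four storage accounts and one other resource.
SAMPLE_TEMPLATE = json.loads("""
{
  "resources": [
    {"type": "Microsoft.Storage/storageAccounts", "name": "stlogsprod",
     "properties": {"defaultToOAuthAuthentication": true}},
    {"type": "Microsoft.Storage/storageAccounts", "name": "stlegacy",
     "properties": {"defaultToOAuthAuthentication": false}},
    {"type": "Microsoft.Storage/storageAccounts", "name": "stunset",
     "properties": {}},
    {"type": "Microsoft.Storage/storageAccounts", "name": "stparam",
     "properties": {"defaultToOAuthAuthentication": "[parameters('entraDefault')]"}},
    {"type": "Microsoft.Network/virtualNetworks", "name": "vnet1", "properties": {}}
  ]
}
""")


def check_template(template):
    """Return one row per storage account, shaped like the control's output."""
    rows = []
    for res in template.get("resources", []):
        if res.get("type", "").lower() != STORAGE_TYPE.lower():
            continue
        name = res.get("name", "<unnamed>")
        value = (res.get("properties") or {}).get("defaultToOAuthAuthentication")
        if isinstance(value, str) and value.startswith("["):
            # Template expression: the value is only known at deployment time.
            status, state = "info", "is set by a template expression; verify the parameter value"
        elif value is True:
            status, state = "ok", "is enabled"
        else:
            # false, null or absent: same as the SQL, where a null falls through to 'alarm'.
            status, state = "alarm", "is disabled"
        rows.append({"resource": name, "status": status,
                     "reason": f"{name} default to Microsoft Entra authorization {state}."})
    return rows


if __name__ == "__main__":
    for row in check_template(SAMPLE_TEMPLATE):
        print(f"{row['status']:5}  {row['reason']}")
```
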

Tags