turbot/steampipe-mod-azure-compliance

Control: Ensure trusted locations are defined

Description

Microsoft Entra ID Conditional Access lets an organization define named locations and mark each one as trusted or untrusted. A named location is either a set of countries or regions (geographic) or a set of explicit IP addresses and IP ranges, and only IP-based locations carry the trusted flag. Conditional access policies then use these locations as conditions, for example to require MFA from everywhere except the corporate egress ranges, so a tenant with no trusted location defined has no reliable way to distinguish its own networks from arbitrary ones.

Usage

Run the control in your terminal:

powerpipe control run azure_compliance.control.iam_conditional_access_trusted_location_configured

Snapshot and share results via Turbot Pipes:

powerpipe login
powerpipe control run azure_compliance.control.iam_conditional_access_trusted_location_configured --share

SQL

This control uses a named query:

with distinct_tenant as (
  -- Tenant context from the azure plugin. Note that distinct applies to the
  -- whole (tenant_id, subscription_id, _ctx) row, so a tenant with several
  -- subscriptions contributes one row per subscription.
  select
    distinct tenant_id,
    subscription_id,
    _ctx
  from
    azure_tenant
)
select
  l.id as resource,
  -- location_info is jsonb. 'IsTrusted' is present on IP-based named
  -- locations; a country-based location has no such key, the cast yields
  -- null, and the row falls through to 'alarm'.
  case
    when (l.location_info -> 'IsTrusted')::bool then 'ok'
    else 'alarm'
  end as status,
  case
    when (l.location_info -> 'IsTrusted')::bool then l.title || ' trusted location configured.'
    else l.title || ' trusted location not configured.'
  end as reason,
  t.tenant_id
from
  -- Cross join: every named location is paired with every tenant row above,
  -- which is how the mod attaches tenant_id to each result.
  distinct_tenant as t,
  azuread_conditional_access_named_location as l;
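The named query above reports one row per named location, so a tenant that defines several locations of which only one is trusted still shows alarms. The benchmark's actual question is tenant-level: is at least one trusted location defined? The following query, an added example and not part of the mod, answers that with one row per tenant and lists the trusted locations in the reason. It assumes the azuread_conditional_access_named_location table exposes a tenant_id column alongside display_name and location_info, and that the trusted flag lives under the 'IsTrusted' key as in the control's own query.

```sql
-- Added example (not the mod's named query): tenant-level "any trusted
-- location defined?" check built on the same tables and jsonb key.
-- Assumption: azuread_conditional_access_named_location has a tenant_id
-- column that matches azure_tenant.tenant_id.
with trusted as (
  select
    tenant_id,
    count(*) as location_count,
    -- Rows whose 'IsTrusted' key is missing cast to null and are not counted.
    count(*) filter (where (location_info -> 'IsTrusted')::bool) as trusted_count,
    string_agg(display_name, ', ')
      filter (where (location_info -> 'IsTrusted')::bool) as trusted_names
  from
    azuread_conditional_access_named_location
  group by
    tenant_id
)
select
  t.tenant_id as resource,
  case
    when coalesce(l.trusted_count, 0) > 0 then 'ok'
    else 'alarm'
  end as status,
  case
    when coalesce(l.trusted_count, 0) > 0 then
      l.trusted_count || ' of ' || l.location_count
        || ' named location(s) trusted: ' || l.trusted_names || '.'
    when l.location_count is null then 'No named locations defined.'
    else l.location_count || ' named location(s) defined, none trusted.'
  end as reason,
  t.tenant_id
from
  -- One row per tenant regardless of how many subscriptions it holds.
  (select distinct tenant_id from azure_tenant) as t
  -- Left join so a tenant with no named locations at all still gets an alarm row.
  left join trusted as l on l.tenant_id = t.tenant_id;
```

Run it with `steampipe query` against the same connections the control uses; the left join is what keeps a tenant with zero named locations visible, which the per-location query cannot report because it has no row to emit.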

Tags