Control: Ensure trusted locations are defined
Description
Microsoft Entra ID Conditional Access allows an organization to configure named locations and to mark each of those locations as trusted or untrusted. These settings give organizations the means to specify geographical locations for use in Conditional Access policies, or to define IP addresses and IP ranges and state whether those addresses and/or ranges are trusted by the organization.
Usage
Run the control in your terminal:
powerpipe control run azure_compliance.control.iam_conditional_access_trusted_location_configured
Snapshot and share results via Turbot Pipes:
powerpipe login
powerpipe control run azure_compliance.control.iam_conditional_access_trusted_location_configured --share
SQL
This control uses a named query:
with distinct_tenant as (
  select distinct
    tenant_id,
    subscription_id,
    _ctx
  from
    azure_tenant
)
select
  id as resource,
  case
    when (location_info -> 'IsTrusted')::bool then 'ok'
    else 'alarm'
  end as status,
  case
    when (location_info -> 'IsTrusted')::bool then title || ' trusted location configured.'
    else title || ' trusted location not configured.'
  end as reason,
  t.tenant_id
from
  distinct_tenant as t,
  azuread_conditional_access_named_location;
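The named query above returns one row per named location, so a tenant with no named locations at all produces no rows and therefore no alarm. The following tenant-level variant is an added example, not part of the azure_compliance mod; it reuses only the tables and columns from that query, and the names location_summary, trusted_count and total_count are assumptions introduced here.

```sql
-- Added example: one result row per tenant instead of one per named location.
with distinct_tenant as (
  select distinct
    tenant_id
  from
    azure_tenant
),
location_summary as (
  -- An aggregate without GROUP BY always returns exactly one row,
  -- even when the named location table is empty.
  select
    count(*) filter (where (location_info -> 'IsTrusted')::bool) as trusted_count,
    count(*) as total_count
  from
    azuread_conditional_access_named_location
)
select
  t.tenant_id as resource,
  case
    when s.trusted_count > 0 then 'ok'
    else 'alarm'
  end as status,
  case
    when s.total_count = 0 then 'No named locations are defined.'
    when s.trusted_count = 0 then s.total_count || ' named location(s) defined, none marked as trusted.'
    else s.trusted_count || ' of ' || s.total_count || ' named location(s) marked as trusted.'
  end as reason,
  t.tenant_id
from
  distinct_tenant as t
  cross join location_summary as s;
```

Running both queries side by side separates "this location is untrusted" findings from the case where no trusted location has been defined at all.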