Control: Default to Microsoft Entra authorization should be enabled for storage accounts
Description
Enable default Microsoft Entra (Azure AD) authorization for storage accounts to improve identity and access management.
Usage
Run the control in your terminal:
powerpipe control run azure_compliance.control.storage_account_default_to_oauth_authentication
Snapshot and share results via Turbot Pipes:
powerpipe login
powerpipe control run azure_compliance.control.storage_account_default_to_oauth_authentication --share
SQL
This control uses a named query:
select
  sa.id as resource,
  case
    when default_to_oauth_authentication then 'ok'
    else 'alarm'
  end as status,
  case
    when default_to_oauth_authentication then sa.name || ' default to Microsoft Entra authorization is enabled.'
    else sa.name || ' default to Microsoft Entra authorization is disabled.'
  end as reason,
  sa.resource_group as resource_group,
  sub.display_name as subscription
from
  azure_storage_account sa
  left join azure_subscription sub on sub.subscription_id = sa.subscription_id;
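How the query's CASE expression treats the three possible values of default_to_oauth_authentication, as an added example that is not part of the original control. It runs in plain PostgreSQL against constructed rows (the account names, the resource group and the `detail` column are made up for illustration) standing in for the azure_storage_account table; that the table can return NULL for this column is an assumption.

```sql
-- Constructed sample rows standing in for azure_storage_account.
with sample_storage_account (name, resource_group, default_to_oauth_authentication) as (
  values
    ('stentradefault', 'rg-demo', true),
    ('stkeydefault',   'rg-demo', false),
    ('stneverset',     'rg-demo', null::boolean)
)
select
  name,
  resource_group,
  -- Same test as the control's query: only a true value yields 'ok'.
  -- "when NULL" is not true, so a NULL falls through to the else branch.
  case
    when default_to_oauth_authentication then 'ok'
    else 'alarm'
  end as status,
  -- Hypothetical extra column: separates the two cases that the control's
  -- reason text reports identically as "disabled".
  case
    when default_to_oauth_authentication then 'enabled'
    when default_to_oauth_authentication is null then 'not set (NULL)'
    else 'explicitly false'
  end as detail
from
  sample_storage_account
order by
  name;
```

Both the explicitly false account and the NULL account come back with status alarm, so an alarm from the control does not by itself tell you whether the setting was turned off or never configured.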