directory_user_2fa_enrolleddirectory_user_admin_2fa_enrolleddirectory_user_admin_countdirectory_user_admin_max_countdirectory_user_is_delegated_admindrive_domain_restrictiondrive_members_only_accessdrive_viewer_restrictionsgmail_auto_forwarding_disabledgmail_delegation_disabledgmail_pop_imap_disabledgroups_admin_created_only
Query: directory_user_2fa_enrolled
Usage
powerpipe query googleworkspace_compliance.query.directory_user_2fa_enrolled
Steampipe Tables
SQL
select primary_email as resource, case when is_enrolled_in_2sv = false then 'alarm' when is_enrolled_in_2sv = true and is_enforced_in_2sv = false then 'info' else 'ok' end as status, case when is_enrolled_in_2sv = false then format('User %s is not enrolled in 2-Step Verification%s.', primary_email, case when is_admin then ' (ADMIN)' else '' end) when is_enrolled_in_2sv = true and is_enforced_in_2sv = false then format('User %s has 2FA enrolled but not enforced%s.', primary_email, case when is_admin then ' (ADMIN)' else '' end) else format('User %s has 2-Step Verification properly configured%s.', primary_email, case when is_admin then ' (ADMIN)' else '' end) end as reasonfrom googledirectory_userorder by is_admin desc, is_enrolled_in_2sv asc, primary_email;
Controls
The query is being used by the following controls: