turbot/steampipe-mod-googleworkspace-compliance

Query: directory_user_2fa_enrolled

Usage

powerpipe query googleworkspace_compliance.query.directory_user_2fa_enrolled

Steampipe Tables

SQL

select
primary_email as resource,
case
when is_enrolled_in_2sv = false then 'alarm'
when is_enrolled_in_2sv = true and is_enforced_in_2sv = false then 'info'
else 'ok'
end as status,
case
when is_enrolled_in_2sv = false then
format('User %s is not enrolled in 2-Step Verification%s.', primary_email,
case
when is_admin then ' (ADMIN)' else '' end)
when is_enrolled_in_2sv = true and is_enforced_in_2sv = false then
format('User %s has 2FA enrolled but not enforced%s.', primary_email,
case
when is_admin then ' (ADMIN)' else '' end)
else
format('User %s has 2-Step Verification properly configured%s.', primary_email,
case
when is_admin then ' (ADMIN)' else '' end)
end as reason
from
googledirectory_user
order by
is_admin desc,
is_enrolled_in_2sv asc,
primary_email;

Controls

The query is being used by the following controls: