Benchmark: 5.1.4 Devices
Usage
Install the mod:
mkdir dashboardscd dashboardspowerpipe mod initpowerpipe mod install github.com/turbot/steampipe-mod-microsoft365-complianceStart the Powerpipe server:
steampipe service startpowerpipe serverOpen http://localhost:9033 in your browser and select 5.1.4 Devices.
Run this benchmark in your terminal:
powerpipe benchmark run microsoft365_compliance.benchmark.cis_v600_5_1_4Snapshot and share results via Turbot Pipes:
powerpipe benchmark run microsoft365_compliance.benchmark.cis_v600_5_1_4 --shareControls
- 5.1.4.1 Ensure the ability to join devices to Entra is restricted
- 5.1.4.2 Ensure the maximum number of devices per user is limited
- 5.1.4.3 Ensure the GA role is not added as a local administrator during Entra join
- 5.1.4.4 Ensure local administrator assignment is limited during Entra join
- 5.1.4.5 Ensure Local Administrator Password Solution is enabled
- 5.1.4.6 Ensure users are restricted from recovering BitLocker keys