Benchmark: 5.2.2 Conditional Access
Usage
Install the mod:
mkdir dashboardscd dashboardspowerpipe mod initpowerpipe mod install github.com/turbot/steampipe-mod-microsoft365-compliance
Start the Powerpipe server:
steampipe service startpowerpipe server
Open http://localhost:9033 in your browser and select 5.2.2 Conditional Access.
Run this benchmark in your terminal:
powerpipe benchmark run microsoft365_compliance.benchmark.cis_v300_5_2_2
Snapshot and share results via Turbot Pipes:
powerpipe benchmark run microsoft365_compliance.benchmark.cis_v300_5_2_2 --share
Controls
- 5.2.2.1 Ensure multifactor authentication is enabled for all users in administrative roles
- 5.2.2.2 Ensure multifactor authentication is enabled for all users
- 5.2.2.3 Enable Conditional Access policies to block legacy authentication
- 5.2.2.4 Ensure Sign-in frequency is enabled and browser sessions are not persistent for Administrative users
- 5.2.2.6 Enable Azure AD Identity Protection user risk policies
- 5.2.2.7 Enable Azure AD Identity Protection sign-in risk policies
- 5.2.2.8 Ensure 'Microsoft Azure Management' is limited to administrative roles