Azure and GCP Perimeter Security, CIS Updates, and Enhanced Plugins →

Plugins Docs Home

turbot/steampipe-mod-microsoft365-compliance

azuread_account_provisioning_activity_report_reviewed azuread_admin_consent_workflow_enabled azuread_admin_user_mfa_enabled azuread_administrative_account_on_premises_sync_disabled azuread_all_user_mfa_enabled azuread_audit_log_search_enabled azuread_authentication_method_email_otp_disabled azuread_authentication_method_microsoft_authenticator_mfa_fatigue_protection azuread_authentication_method_restrict_insecure_methods azuread_authorization_policy_accessing_company_data_not_allowed azuread_conditional_access_block_device_code_flow azuread_conditional_access_block_signin_risk_medium_high azuread_conditional_access_require_managed_device_for_authentication azuread_conditional_access_require_managed_device_register_security_info azuread_conditional_access_signin_frequency_intune_every_time azuread_device_join_restricted azuread_dynamic_group_for_guest_user azuread_ga_not_local_admin_on_join azuread_global_admin_range_restricted azuread_group_not_public azuread_guest_user_access_reviews_configured azuread_guest_user_info azuread_laps_enabled azuread_legacy_authentication_disabled azuread_local_admin_assignment_limited azuread_max_devices_per_user_limited azuread_microsoft_azure_management_limited_to_administrative_roles azuread_password_protection_enabled azuread_privileged_roles_access_reviews_configured azuread_risky_sign_ins_report azuread_security_default_disabled azuread_signin_frequency_policy azuread_signin_risk_policy azuread_third_party_application_not_allowed azuread_user_bitlocker_recovery_restricted azuread_user_cannot_create_security_groups azuread_user_password_not_set_to_expire azuread_user_risk_policy azuread_user_sspr_enabled microsoft365_calendar_sharing_disabled microsoft365_sharepoint_external_content_sharing_restricted microsoft365_sharepoint_external_sharing_managed_by_domain_whitelist_or_blacklist microsoft365_sharepoint_resharing_by_external_users_disabled microsoft_user_mfa_capable

Query: azuread_device_join_restricted

Usage

powerpipe query microsoft365_compliance.query.azuread_device_join_restricted

Steampipe Tables

azuread_device_registration_policy

Azure Active Directory plugin

SQL

select
  tenant_id || '/' || id as resource,
  case
    when azure_ad_join -> 'allowedToJoin' ->> '@odata.type' = '#microsoft.graph.enumeratedDeviceRegistrationMembership'
      or azure_ad_join -> 'allowedToJoin' ->> '@odata.type' = '#microsoft.graph.noDeviceRegistrationMembership' then 'ok'
    else 'alarm'
  end as status,
  case
    when azure_ad_join -> 'allowedToJoin' ->> '@odata.type' = '#microsoft.graph.enumeratedDeviceRegistrationMembership' then tenant_id || ' has device join restricted to selected users or groups.'
    when azure_ad_join -> 'allowedToJoin' ->> '@odata.type' = '#microsoft.graph.noDeviceRegistrationMembership' then tenant_id || ' has device join restricted.'
    else tenant_id || ' has device join allowed for all users.'
  end as reason
  , tenant_id as tenant_id
from
  azuread_device_registration_policy;

Controls

The query is being used by the following controls:

5.1.4.1 Ensure the ability to join devices to Entra is restricted