turbot/steampipe-mod-microsoft365-compliance

Query: azuread_dynamic_group_for_guest_user

Usage

powerpipe query microsoft365_compliance.query.azuread_dynamic_group_for_guest_user

SQL

-- One row per tenant, taken from the users visible to the connection.
with tenant_list as (
  select
    distinct on (tenant_id) tenant_id,
    _ctx
  from
    azuread_user
),
-- Count groups whose dynamic membership rule is exactly
-- (user.userType -eq "guest"). The comparison is a case-sensitive string
-- match, so any other spelling of the rule is not counted.
dynamic_group_for_guest_user as (
  select
    count(*) as dynamic_group_for_guest_user_count,
    tenant_id
  from
    azuread_group
  where
    membership_rule = '(user.userType -eq "guest")'
    and group_types @> '[ "DynamicMembership" ]'
  group by
    tenant_id, _ctx
)
-- Tenants with no matching group have a NULL count after the left join
-- and fall through to 'alarm'.
select
  t.tenant_id as resource,
  case
    when dynamic_group_for_guest_user_count > 0 then 'ok'
    else 'alarm'
  end status,
  case
    when dynamic_group_for_guest_user_count > 0 then t.tenant_id || ' has dynamic group for guest user.'
    else t.tenant_id || ' does not have dynamic group for guest user.'
  end reason,
  t.tenant_id as tenant_id
from
  tenant_list as t
  left join dynamic_group_for_guest_user as d on d.tenant_id = t.tenant_id

Controls

The query is being used by the following controls: