turbot/steampipe-mod-microsoft365-compliance

Query: azuread_guest_user_access_reviews_configured

Usage

powerpipe query microsoft365_compliance.query.azuread_guest_user_access_reviews_configured

SQL

-- One row per tenant visible to the connection.
with tenant_list as (
  select distinct on (tenant_id)
    tenant_id,
    _ctx
  from
    azuread_user
),
-- Count access review definitions per tenant that match the expected
-- guest-review name and settings.
guest_user_access_reviews as (
  select
    tenant_id,
    count(*) as guest_user_access_review
  from
    azuread_access_review_schedule_definition
  where
    display_name = 'Review guest access across Microsoft 365 groups'
    and (settings -> 'mailNotificationsEnabled')::bool
    and (settings -> 'reminderNotificationsEnabled')::bool
    and (settings -> 'justificationRequiredOnApproval')::bool
    and settings -> 'recurrence' -> 'pattern' ->> 'type' in ('absoluteMonthly', 'weekly')
    and (settings -> 'autoApplyDecisionsEnabled')::bool
    and settings ->> 'defaultDecision' = 'Deny'
  group by
    tenant_id
)
-- The left join keeps tenants with no matching review; their count is
-- null, so they fall through to 'alarm'.
select
  t.tenant_id as resource,
  case
    when guest_user_access_review > 0 then 'ok'
    else 'alarm'
  end as status,
  case
    when guest_user_access_review > 0
      then t.tenant_id || ' has access reviews configured for guest users.'
    else t.tenant_id || ' does not have access reviews configured for guest users.'
  end as reason,
  t.tenant_id as tenant_id
from
  tenant_list as t
  left join guest_user_access_reviews as p on p.tenant_id = t.tenant_id;

Controls

The query is being used by the following controls: