Control: Azure > CIS v1 > 1 Identity and Access Management > 1.18 Ensure that 'Users who can manage security groups' is set to 'None' (Not Scored)

Resource Types

This control targets the following resource types:

• Azure > Active Directory > Directory

Primary Policies

The following policies can be used to configure this control:

• 1.18 Ensure that 'Users who can manage security groups' is set to 'None' (Not Scored)
• 1.18 Ensure that 'Users who can manage security groups' is set to 'None' (Not Scored) > Attestation

Category

• CIS > Controls v7 > 16 Account Monitoring and Control

In Your Workspace

• Controls by Resource report
• Controls by Control Type report

Developers

Control Type URI

tmod:@turbot/azure-cisv1#/control/types/r0118

Category URI

tmod:@turbot/cis#/control/categories/v0716

GraphQL

query controlType(id: "tmod:@turbot/azure-cisv1#/control/types/r0118") { … }

query controls(filter: "controlTypeId:'tmod:@turbot/azure-cisv1#/control/types/r0118'") { … }

CLI

Get Controls

turbot graphql controls --filter "controlTypeId:tmod:@turbot/azure-cisv1#/control/types/r0118"