Control: Azure > CIS v1 > 1 Identity and Access Management
Primary Policies
The following policies can be used to configure this control:
- 1 Identity and Access Management > 1.01 Ensure that multi-factor authentication is enabled for all privileged users (Not Scored)
- 1 Identity and Access Management > 1.01 Ensure that multi-factor authentication is enabled for all privileged users (Not Scored) > Attestation
- 1 Identity and Access Management > 1.02 Ensure that multi-factor authentication is enabled for all non-privileged users (Not Scored)
- 1 Identity and Access Management > 1.02 Ensure that multi-factor authentication is enabled for all non-privileged users (Not Scored) > Attestation
- 1 Identity and Access Management > 1.03 Ensure that there are no guest users (Scored)
- 1 Identity and Access Management > 1.04 Ensure that 'Allow users to remember multi-factor authentication on devices they trust' is 'Disabled' (Not Scored)
- 1 Identity and Access Management > 1.04 Ensure that 'Allow users to remember multi-factor authentication on devices they trust' is 'Disabled' (Not Scored) > Attestation
- 1 Identity and Access Management > 1.05 Ensure that 'Number of methods required to reset' is set to '2' (Not Scored)
- 1 Identity and Access Management > 1.05 Ensure that 'Number of methods required to reset' is set to '2' (Not Scored) > Attestation
- 1 Identity and Access Management > 1.06 Ensure that 'Number of days before users are asked to re-confirm their authentication information' is not set to "0" (Not Scored)
- 1 Identity and Access Management > 1.06 Ensure that 'Number of days before users are asked to re-confirm their authentication information' is not set to "0" (Not Scored) > Attestation
- 1 Identity and Access Management > 1.07 Ensure that 'Notify users on password resets?' is set to 'Yes' (Not Scored)
- 1 Identity and Access Management > 1.07 Ensure that 'Notify users on password resets?' is set to 'Yes' (Not Scored) > Attestation
- 1 Identity and Access Management > 1.08 Ensure that 'Notify all admins when other admins reset their password?' is set to 'Yes' (Not Scored)
- 1 Identity and Access Management > 1.08 Ensure that 'Notify all admins when other admins reset their password?' is set to 'Yes' (Not Scored) > Attestation
- 1 Identity and Access Management > 1.09 Ensure that 'Users can consent to apps accessing company data on their behalf' is set to 'No' (Not Scored)
- 1 Identity and Access Management > 1.09 Ensure that 'Users can consent to apps accessing company data on their behalf' is set to 'No' (Not Scored) > Attestation
- 1 Identity and Access Management > 1.10 Ensure that 'Users can add gallery apps to their Access Panel' is set to 'No' (Not Scored)
- 1 Identity and Access Management > 1.10 Ensure that 'Users can add gallery apps to their Access Panel' is set to 'No' (Not Scored) > Attestation
- 1 Identity and Access Management > 1.11 Ensure that 'Users can register applications' is set to 'No' (Not Scored)
- 1 Identity and Access Management > 1.11 Ensure that 'Users can register applications' is set to 'No' (Not Scored) > Attestation
- 1 Identity and Access Management > 1.12 Ensure that 'Guest user permissions are limited' is set to 'Yes' (Not Scored)
- 1 Identity and Access Management > 1.12 Ensure that 'Guest user permissions are limited' is set to 'Yes' (Not Scored) > Attestation
- 1 Identity and Access Management > 1.13 Ensure that 'Members can invite' is set to 'No' (Not Scored)
- 1 Identity and Access Management > 1.13 Ensure that 'Members can invite' is set to 'No' (Not Scored) > Attestation
- 1 Identity and Access Management > 1.14 Ensure that 'Guests can invite' is set to 'No' (Not Scored)
- 1 Identity and Access Management > 1.14 Ensure that 'Guests can invite' is set to 'No' (Not Scored) > Attestation
- 1 Identity and Access Management > 1.15 Ensure that 'Restrict access to Azure AD administration portal' is set to 'Yes' (Not Scored)
- 1 Identity and Access Management > 1.15 Ensure that 'Restrict access to Azure AD administration portal' is set to 'Yes' (Not Scored) > Attestation
- 1 Identity and Access Management > 1.16 Ensure that 'Self-service group management enabled' is set to 'No' (Not Scored)
- 1 Identity and Access Management > 1.16 Ensure that 'Self-service group management enabled' is set to 'No' (Not Scored) > Attestation
- 1 Identity and Access Management > 1.17 Ensure that 'Users can create security groups' is set to 'No' (Not Scored)
- 1 Identity and Access Management > 1.17 Ensure that 'Users can create security groups' is set to 'No' (Not Scored) > Attestation
- 1 Identity and Access Management > 1.18 Ensure that 'Users who can manage security groups' is set to 'None' (Not Scored)
- 1 Identity and Access Management > 1.18 Ensure that 'Users who can manage security groups' is set to 'None' (Not Scored) > Attestation
- 1 Identity and Access Management > 1.19 Ensure that 'Users can create Office 365 groups' is set to 'No' (Not Scored)
- 1 Identity and Access Management > 1.19 Ensure that 'Users can create Office 365 groups' is set to 'No' (Not Scored) > Attestation
- 1 Identity and Access Management > 1.20 Ensure that 'Users who can manage Office 365 groups' is set to 'None' (Not Scored)
- 1 Identity and Access Management > 1.20 Ensure that 'Users who can manage Office 365 groups' is set to 'None' (Not Scored) > Attestation
- 1 Identity and Access Management > 1.21 Ensure that 'Enable "All Users" group' is set to 'Yes' (Not Scored)
- 1 Identity and Access Management > 1.21 Ensure that 'Enable "All Users" group' is set to 'Yes' (Not Scored) > Attestation
- 1 Identity and Access Management > 1.22 Ensure that 'Require Multi-Factor Auth to join devices' is set to 'Yes' (Not Scored)
- 1 Identity and Access Management > 1.22 Ensure that 'Require Multi-Factor Auth to join devices' is set to 'Yes' (Not Scored) > Attestation
- 1 Identity and Access Management > 1.23 Ensure that no custom subscription owner roles are created (Scored)
- 1 Identity and Access Management
Category
In Your Workspace
Developers
- Control Type URI: tmod:@turbot/azure-cisv1#/control/types/s01
- Category URI: tmod:@turbot/cis#/control/categories/cis
- Get Controls (CLI): turbot graphql controls --filter "controlTypeId:tmod:@turbot/azure-cisv1#/control/types/s01"