Control: Azure > CIS v2.0 > 04 - Database Services > 4.05 - Cosmos DB > 4.05.03 - Use Azure Active Directory (AAD) Client Authentication and Azure RBAC where possible

Configures auditing against a CIS Benchmark item.

Level: 1

Cosmos DB can use tokens or AAD for client authentication which in turn will use Azure RBAC for authorization. Using AAD is significantly more secure because AAD handles the credentials and allows for MFA and centralized management, and the Azure RBAC better integrated with the rest of Azure.

Resource Types

This control targets the following resource types:

Azure > Subscription

Primary Policies

The following policies can be used to configure this control:

In Your Workspace

Developers

Control Type URI

tmod:@turbot/azure-cisv2-0#/control/types/r040503

Category URI

tmod:@turbot/cis#/control/categories/v071602

GraphQL

query controlType(id: "tmod:@turbot/azure-cisv2-0#/control/types/r040503") { … }

query controls(filter: "controlTypeId:'tmod:@turbot/azure-cisv2-0#/control/types/r040503'") { … }

CLI

Get Controls

turbot graphql controls --filter "controlTypeId:tmod:@turbot/azure-cisv2-0#/control/types/r040503"