Control: Azure > CIS v2.0 > 01 - Identity and Access Management > 1.01 - Security Defaults
The Azure "Security Defaults" recommendations represent an entry-level set of recommendations which will be relevant to organizations and tenants that are either just starting to use Azure as an IaaS solution, or are only utilizing a bare minimum feature set such as the freely licensed tier of Azure Active Directory. Security Defaults recommendations are intended to ensure that these entry-level use cases are still capable of establishing a strong baseline of secure configuration.
If your subscription is licensed to use Azure AD Premium P1 or P2, it is strongly recommended that the "Security Defaults" section (this section and the recommendations therein) be bypassed in favor of the use of "Conditional Access."
Primary Policies
The following policies can be used to configure this control:
- 1.01 - Security Defaults > 1.01.01 - Ensure Security Defaults is enabled on Azure Active Directory
- 1.01 - Security Defaults > 1.01.01 - Ensure Security Defaults is enabled on Azure Active Directory > Attestation
- 1.01 - Security Defaults > 1.01.02 Ensure that 'Multi-Factor Auth Status' is 'Enabled' for all Privileged Users
- 1.01 - Security Defaults > 1.01.02 Ensure that 'Multi-Factor Auth Status' is 'Enabled' for all Privileged Users > Attestation
- 1.01 - Security Defaults > 1.01.03 Ensure that 'Multi-Factor Auth Status' is 'Enabled' for all Non-Privileged Users
- 1.01 - Security Defaults > 1.01.03 Ensure that 'Multi-Factor Auth Status' is 'Enabled' for all Non-Privileged Users > Attestation
- 1.01 - Security Defaults > 1.01.04 Ensure that 'Allow users to remember multi-factor authentication on devices they trust' is Disabled
- 1.01 - Security Defaults > 1.01.04 Ensure that 'Allow users to remember multi-factor authentication on devices they trust' is Disabled > Attestation
- 1.01 - Security Defaults
Category
In Your Workspace
Developers
- tmod:@turbot/azure-cisv2-0#/control/types/s0101
- tmod:@turbot/cis#/control/categories/cis
- turbot graphql controls --filter "controlTypeId:tmod:@turbot/azure-cisv2-0#/control/types/s0101"
Get Controls