Turbot Guardrails Hub 
Hub
  • Mods
  • Policy Packs
  • Docs
  • Home
ModsPolicy PacksDocsHome
Mods
Azure
Loading policies...

Policy: Azure > CIS v1 > 1 Identity and Access Management

covers security recommendations that to follow to set identity and access management policies on an Azure Subscription.

Targets

This policy targets the following resource types:

  • Azure > Subscription

Primary Policy

This policy is used with the following primary policy:

  • Azure > CIS v1

Related Policies

  • 1.01 Ensure that multi-factor authentication is enabled for all privileged users (Not Scored)
  • 1.02 Ensure that multi-factor authentication is enabled for all non- privileged users (Not Scored)
  • 1.03 Ensure that there are no guest users (Scored)
  • 1.04 Ensure that 'Allow users to remember multi-factor authentication on devices they trust' is 'Disabled' (Not Scored)
  • 1.05 Ensure that 'Number of methods required to reset' is set to '2' (Not Scored)
  • 1.06 Ensure that 'Number of days before users are asked to re-confirm their authentication information' is not set to "0" (Not Scored)
  • 1.07 Ensure that 'Notify users on password resets?' is set to 'Yes' (Not Scored)
  • 1.08 Ensure that 'Notify all admins when other admins reset their password?' is set to 'Yes' (Not Scored)
  • 1.09 Ensure that 'Users can consent to apps accessing company data on their behalf' is set to 'No' (Not Scored)
  • 1.10 Ensure that 'Users can add gallery apps to their Access Panel' is set to 'No' (Not Scored)
  • 1.11 Ensure that 'Users can register applications' is set to 'No' (Not Scored)
  • 1.12 Ensure that 'Guest user permissions are limited' is set to 'Yes' (Not Scored)
  • 1.13 Ensure that 'Members can invite' is set to 'No' (Not Scored)
  • 1.14 Ensure that 'Guests can invite' is set to 'No' (Not Scored)
  • 1.15 Ensure that 'Restrict access to Azure AD administration portal' is set to 'Yes' (Not Scored)
  • 1.16 Ensure that 'Self-service group management enabled' is set to 'No' (Not Scored)
  • 1.17 Ensure that 'Users can create security groups' is set to 'No' (Not Scored)
  • 1.18 Ensure that 'Users who can manage security groups' is set to 'None' (Not Scored)
  • 1.19 Ensure that 'Users can create Office 365 groups' is set to 'No' (Not Scored)
  • 1.20 Ensure that 'Users who can manage Office 365 groups' is set to 'None' (Not Scored)
  • 1.21 Ensure that 'Enable "All Users" group' is set to 'Yes' (Not Scored)
  • 1.22 Ensure that 'Require Multi-Factor Auth to join devices' is set to 'Yes' (Not Scored)
  • 1.23 Ensure that no custom subscription owner roles are created (Scored)

Policy Specification

Schema Type
string
Default
Skip
Valid Values [YAML]
  • Skip
Examples [YAML]
  • Skip

Category

  • CIS

In Your Workspace

  • Policy Settings by Type report

Developers

    Category URI
    • tmod:@turbot/cis#/control/categories/cis
    • Policy Type URI
    • tmod:@turbot/azure-cisv1#/policy/types/s01
    • GraphQL
    • query policyType(id: "tmod:@turbot/azure-cisv1#/policy/types/s01") { … }
    • query policySettings(filter: "policyTypeId:'tmod:@turbot/azure-cisv1#/policy/types/s01'") { … }
    • query policyValues(filter: "policyTypeId:'tmod:@turbot/azure-cisv1#/policy/types/s01'") { … }
    • CLI
    • Get Policy Type
    • turbot graphql policy-type --id "tmod:@turbot/azure-cisv1#/policy/types/s01"
      • Get Policy Settings
    • turbot graphql policy-settings --filter "policyTypeId:tmod:@turbot/azure-cisv1#/policy/types/s01"
Guardrails
Guardrails Hub
  • Hub
  • Docs
  • Blog
  • Changelog
Products
  • GuardrailsGuardrails
  • PipesPipes
  • SteampipeSteampipe
  • PowerpipePowerpipe
  • FlowpipeFlowpipe
  • TailpipeTailpipe
Turbot
  • Home
  • About us
  • We're hiring!
  • Contact us
Community

Our community of practitioners love to discuss cloud governance & security.

Slack logoJoin us on Slack →

System StatusLegalSecurity
Terms of UseSecurityPrivacy
50
Mods
204
Resource Types
3,575
Policies
1,941
Controls
103
Quick Actions
111
IAM