steampipe plugin install azuread

Table: azuread_directory_setting - Query Azure Active Directory Directory Settings using SQL

Azure Active Directory (Azure AD) is Microsoft's multi-tenant, cloud-based directory and identity management service. Directory Settings in Azure AD are configurable settings that define the behavior and functionality of the directory. These settings include the ability to manage features like self-service password reset, device settings, group settings, and more.

Table Usage Guide

The azuread_directory_setting table provides insights into Directory Settings within Azure Active Directory. As an IT administrator, explore settings-specific details through this table, including the status of various features like self-service password reset, device settings, group settings, and more. Utilize it to uncover information about the configuration and behavior of your Azure AD directory.

Examples

Basic info

Explore the basic information in your Azure Active Directory settings to determine the areas where changes or updates may be needed. This can be especially useful in managing user access and permissions within your organization.

select
  display_name,
  id,
  value
from
  azuread_directory_setting;

Determine if the workflow for user admin consent is activated. This is useful for managing and enforcing user permissions and access controls within your Azure Active Directory.

-- Postgres: cast the text value to a boolean.
select
  display_name,
  id,
  name,
  value
from
  azuread_directory_setting
where
  display_name = 'Consent Policy Settings'
  and name = 'EnableAdminConsentRequests'
  and value :: bool;

-- SQLite: compare the text value directly.
select
  display_name,
  id,
  name,
  value
from
  azuread_directory_setting
where
  display_name = 'Consent Policy Settings'
  and name = 'EnableAdminConsentRequests'
  and value = '1';

Check if banned password protection is enabled

Determine if your organization's password policy is effectively safeguarding against the use of commonly banned passwords. This query is beneficial in identifying potential vulnerabilities in your password protection settings, ensuring a robust security protocol.

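-- Postgres. Each setting is its own row, so name can never equal both setting
-- names at once; the two checks are combined with OR. Two rows returned means
-- the banned password check is both enabled and enforced.
select
  display_name,
  id,
  name,
  value
from
  azuread_directory_setting
where
  display_name = 'Password Rule Settings'
  and (
    (
      name = 'EnableBannedPasswordCheckOnPremises'
      and value :: bool
    )
    or (
      name = 'BannedPasswordCheckOnPremisesMode'
      and value = 'Enforced'
    )
  );

-- SQLite: same check, comparing the text value directly.
select
  display_name,
  id,
  name,
  value
from
  azuread_directory_setting
where
  display_name = 'Password Rule Settings'
  and (
    (
      name = 'EnableBannedPasswordCheckOnPremises'
      and value = 'true'
    )
    or (
      name = 'BannedPasswordCheckOnPremisesMode'
      and value = 'Enforced'
    )
  );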
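
The checks above return rows only when a setting has the wanted value, so a setting that is missing from the directory looks the same as one that is disabled. The following query is an added example, not part of the plugin documentation: it left-joins a list of expected values against the table and reports each setting as ok, review or not set. The expected values are assumptions taken from the queries on this page, and the query avoids the :: cast.

```sql
-- Added example: one status row per expected setting.
-- Expected values are assumptions based on the queries shown on this page.
with expected (display_name, name, expected_value) as (
  values
    ('Consent Policy Settings', 'EnableAdminConsentRequests', 'true'),
    ('Password Rule Settings', 'EnableBannedPasswordCheckOnPremises', 'true'),
    ('Password Rule Settings', 'BannedPasswordCheckOnPremisesMode', 'enforced')
)
select
  e.display_name,
  e.name,
  s.tenant_id,
  s.value as actual_value,
  case
    -- No matching row: the setting is not present in this directory.
    when s.name is null then 'not set'
    -- Boolean-style settings: accept both spellings used on this page.
    when e.expected_value = 'true'
      and lower(s.value) in ('true', '1') then 'ok'
    -- Everything else: case-insensitive match on the expected text.
    when lower(s.value) = e.expected_value then 'ok'
    else 'review'
  end as status
from
  expected as e
  left join azuread_directory_setting as s
    on s.display_name = e.display_name
    and s.name = e.name
order by
  e.display_name,
  e.name;
```

Any row with a status other than ok is a setting to look at before relying on admin consent requests or banned password protection.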

Schema for azuread_directory_setting

| Name | Type | Operators | Description |
| --- | --- | --- | --- |
| _ctx | jsonb | | Steampipe context in JSON form. |
| display_name | text | | Display name of this group of settings, which comes from the associated template. |
| id | text | = | Unique identifier for these settings. |
| name | text | = | Name of the setting. |
| sp_connection_name | text | =, !=, ~~, ~~*, !~~, !~~* | Steampipe connection name. |
| sp_ctx | jsonb | | Steampipe context in JSON form. |
| template_id | text | | Unique identifier for the template used to create this group of settings. |
| tenant_id | text | =, !=, ~~, ~~*, !~~, !~~* | The Azure Tenant ID where the resource is located. |
| title | text | | Title of the resource. |
| value | text | | Value of the setting. |

Export

This table is available as a standalone Exporter CLI. Steampipe exporters are stand-alone binaries that allow you to extract data using Steampipe plugins without a database.

You can download the tarball for your platform from the Releases page, but it is simplest to install them with the steampipe_export_installer.sh script:

/bin/sh -c "$(curl -fsSL https://steampipe.io/install/export.sh)" -- azuread

You can pass the configuration to the command with the --config argument:

steampipe_export_azuread --config '<your_config>' azuread_directory_setting