Control: 1.20 Ensure that 'Require Multi-Factor Auth to join devices' is set to 'Yes'
Joining devices to the active directory should require Multi-factor authentication.
Multi-factor authentication is recommended when adding devices to Azure AD. When set to 'Yes', users who are adding devices from the internet must first use the second method of authentication before their device is successfully added to the directory. This ensures that rogue devices are not added to the directory through a compromised user account.
- Log in to Azure Active Directory
- Go to 'Devices' in the left bar
- Go to 'Device settings' in the left bar
- Set 'Devices to be Azure AD joined or Azure AD registered require Multi-Factor Authentication' to 'Yes'
Note: By default, 'Devices to be Azure AD joined or Azure AD registered require Multi-Factor Authentication' is set to
steampipe check azure_compliance.control.cis_v130_1_20
This control uses a named query: ad_manual_control
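Because the control maps to a manual query, the setting has to be verified outside Steampipe. The following is an added example, not part of the original control or of the Steampipe mod: it evaluates an exported device registration policy document and reports a Steampipe-style status. It assumes the document comes from the Microsoft Graph beta `deviceRegistrationPolicy` resource and that the setting is carried in its `multiFactorAuthConfiguration` property; the function name and sample documents are constructed for illustration.

```python
import json

# Assumption: the input is the JSON returned by Microsoft Graph (beta) for
# GET /policies/deviceRegistrationPolicy. Fetching it is out of scope here.
# Constructed sample documents, not real tenant data.
SAMPLE_COMPLIANT = '{"id": "deviceRegistrationPolicy", "multiFactorAuthConfiguration": "required"}'
SAMPLE_NONCOMPLIANT = '{"id": "deviceRegistrationPolicy", "multiFactorAuthConfiguration": "notRequired"}'
SAMPLE_NUMERIC = '{"id": "deviceRegistrationPolicy", "multiFactorAuthConfiguration": "1"}'
SAMPLE_MISSING = '{"id": "deviceRegistrationPolicy"}'

# Assumption: also accept "0"/"1" in case the enum is serialized as a number.
_REQUIRED = {"required", "1"}
_NOT_REQUIRED = {"notrequired", "0"}


def evaluate_device_join_mfa(policy_json):
    """Return (status, reason); status is one of ok, alarm, info."""
    try:
        policy = json.loads(policy_json)
    except json.JSONDecodeError as exc:
        return "info", f"policy is not valid JSON ({exc.msg}); verify manually"
    if not isinstance(policy, dict):
        return "info", "policy is not a JSON object; verify manually"

    value = policy.get("multiFactorAuthConfiguration")
    if value is None:
        # Never report a pass when the setting could not be read.
        return "info", "setting absent from policy; verify in Device settings"

    normalized = str(value).strip().lower()
    if normalized in _REQUIRED:
        return "ok", "MFA is required to join or register devices"
    if normalized in _NOT_REQUIRED:
        return "alarm", "MFA is not required to join or register devices"
    return "info", f"unrecognized value {value!r}; verify in Device settings"


if __name__ == "__main__":
    samples = {
        "compliant": SAMPLE_COMPLIANT,
        "noncompliant": SAMPLE_NONCOMPLIANT,
        "numeric": SAMPLE_NUMERIC,
        "missing": SAMPLE_MISSING,
    }
    for name, doc in samples.items():
        status, reason = evaluate_device_join_mfa(doc)
        print(f"{name}: {status} - {reason}")
```

Any result other than `ok` should be treated as a finding to follow up in the portal, since an unreadable or unknown value is not evidence that MFA is enforced.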