Control: 1.2.5 Ensure Multi-factor Authentication is Required for Risky Sign-ins
Description
For designated users, they will be prompted to use their multi-factor authentication (MFA) process on login.
Enabling multi-factor authentication is a recommended setting to limit the potential of accounts being compromised and limiting access to authenticated personnel.
Remediation
From Azure Portal
- From Azure Home select the Portal Menu in the top left, and select
Azure Active Directory
. - Scroll down in the menu on the left, and select
Security
- Select on the left side
Conditional Access
. - Click the
+ New policy
Default Value
MFA is not enabled by default.
Usage
Run the control in your terminal:
powerpipe control run azure_compliance.control.cis_v150_1_2_5
Snapshot and share results via Turbot Pipes:
powerpipe loginpowerpipe control run azure_compliance.control.cis_v150_1_2_5 --share
SQL
This control uses a named query:
ad_manual_control