Query: azuread_global_admin_range_restricted

Usage

powerpipe query microsoft365_compliance.query.azuread_global_admin_range_restricted

Steampipe Tables

azuread_directory_role

azuread_user

SQL

with global_administrator_counts as (
  select
    role.tenant_id,
    role._ctx,
    count(*)
  from
    azuread_directory_role as role,
    jsonb_array_elements_text(member_ids) as m_id,
    azuread_user as u
  where
    u.id = m_id
    and role.display_name = 'Global Administrator'
  group by
    role.tenant_id,
    role._ctx
)
select
  tenant_id as resource,
  case
    when count >= 2
    and count <= 4 then 'ok'
    else 'alarm'
  end as status,
  tenant_id || ' has ' || count || ' global administrators.' as reason,
  tenant_id as tenant_id
from
  global_administrator_counts;

Controls

The query is being used by the following controls:

1.1.3 Ensure that between two and four global admins are designated
1.1.3 Ensure that between two and four global admins are designated
1.1.7 Ensure that between two and four global admins are designated
1.1.3 Ensure that between two and four global admins are designated