Query: Ensure that a 'Custom banned password list' is set to 'Enforce'

Description

Microsoft Azure applies a default global banned password list to all user and admin accounts that are created and managed directly in Microsoft Entra ID. The Microsoft Entra password policy does not apply to user accounts that are synchronized from an on-premises Active Directory environment, unless Microsoft Entra ID Connect is used and EnforceCloudPasswordPolicyForPasswordSyncedUsers is enabled.

Query

Tables used in this query:

• azure_tenant
• azuread_directory_setting

Controls using this query:

• 5.8 Ensure that a 'Custom banned password list' is set to 'Enforce'
• Ensure that a 'Custom banned password list' is set to 'Enforce'

SQL