steampipe plugin install azure

Table: azure_ad_group - Query Azure Active Directory Groups using SQL

Azure Active Directory (Azure AD) is Microsoft's cloud-based identity and access management service. It helps your employees sign in and access external resources, such as Microsoft Office 365, the Azure portal, and thousands of other SaaS applications. Azure AD Groups are collections of users and can be used to simplify the assignment of access rights to resources in Azure AD.

Table Usage Guide

The azure_ad_group table provides insights into Azure Active Directory Groups within Microsoft Azure. As a system administrator, explore group-specific details through this table, including identification, membership, and associated metadata. Utilize it to manage access to resources, understand group composition, and maintain security compliance across your organization.

Examples

Basic info

Explore the groups within your Azure Active Directory to determine which ones have email capabilities enabled. This is useful for auditing purposes, ensuring that only necessary groups have email functions activated.

select
  display_name,
  object_id,
  mail,
  mail_enabled,
  mail_nickname
from
  azure_ad_group;

List of AD groups where security is not enabled

Determine the areas in which the security feature is not enabled in your Azure Active Directory groups. This can be useful for identifying potential vulnerabilities and taking corrective action to enhance your system's security.

Postgres:

select
  display_name,
  object_id,
  security_enabled
from
  azure_ad_group
where
  not security_enabled;

SQLite:

select
  display_name,
  object_id,
  security_enabled
from
  azure_ad_group
where
  security_enabled = 0;

List of AD groups where mail is not enabled

Explore which Azure Active Directory groups do not have mail enabled. This is useful to identify potential communication gaps within your organization.

Postgres:

select
  display_name,
  mail,
  mail_enabled
from
  azure_ad_group
where
  not mail_enabled;

SQLite:

select
  display_name,
  mail,
  mail_enabled
from
  azure_ad_group
where
  mail_enabled is not 1;
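As an added example (not part of the original Steampipe documentation), the following Postgres query combines the two flags above into a single audit view: it surfaces groups that are both security-enabled and mail-enabled, groups with neither flag set, and display names shared by more than one group. The group_kind labels and the assumption that live groups have a null deletion_timestamp are this example's own; all column names come from the schema on this page.

```sql
-- Added example: classify each group by its security/mail flags and
-- flag display names that are shared by more than one group.
with classified as (
  select
    display_name,
    object_id,
    mail,
    case
      when security_enabled and mail_enabled then 'mail-enabled security'
      when security_enabled then 'security only'
      when mail_enabled then 'mail only'
      else 'neither flag set'
    end as group_kind,  -- label text is this example's own wording
    -- case-insensitive count of groups sharing the same display name
    count(*) over (partition by lower(display_name)) as same_name_count
  from
    azure_ad_group
  where
    -- assumption: groups that have not been deleted carry a null timestamp
    deletion_timestamp is null
)
select
  display_name,
  object_id,
  mail,
  group_kind,
  same_name_count
from
  classified
where
  group_kind in ('mail-enabled security', 'neither flag set')
  or same_name_count > 1
order by
  same_name_count desc,
  display_name;
```

Rows with same_name_count greater than 1 are worth reviewing by object_id, since access assignments made by display name alone can land on the wrong group.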

Schema for azure_ad_group

| Name | Type | Operators | Description |
|------|------|-----------|-------------|
| _ctx | jsonb | | Steampipe context in JSON form, e.g. connection_name. |
| additional_properties | jsonb | | Unmatched properties from the message are deserialized into this collection. |
| akas | jsonb | | Array of globally unique identifier strings (also known as) for the resource. |
| deletion_timestamp | timestamp with time zone | | The time at which the directory object was deleted. |
| display_name | text | | A friendly name that identifies a group. |
| mail | text | | The primary email address of the group. |
| mail_enabled | boolean | | Indicates whether the group is mail-enabled. Must be false. This is because only pure security groups can be created using the Graph API. |
| mail_nickname | text | | The mail alias for the group. |
| object_id | text | | The unique ID that identifies a group. |
| object_type | text | | A string that identifies the object type. |
| security_enabled | boolean | | Specifies whether the group is a security group. |
| title | text | | Title of the resource. |

Export

This table is available as a standalone Exporter CLI. Steampipe exporters are stand-alone binaries that allow you to extract data using Steampipe plugins without a database.

You can download the tarball for your platform from the Releases page, but it is simplest to install them with the steampipe_export_installer.sh script:

/bin/sh -c "$(curl -fsSL https://steampipe.io/install/export.sh)" -- azure

You can pass the configuration to the command with the --config argument:

steampipe_export_azure --config '<your_config>' azure_ad_group