Table: azure_tenant - Query Azure Tenants using SQL
Azure Tenants represent an organization in Azure. Each organization has at least one tenant, and each Azure subscription is associated with a tenant. Tenants are used to manage access to Azure resources.
Table Usage Guide
The azure_tenant table provides insights into the organizations associated with Azure subscriptions. As a Cloud Administrator, you can use this table to explore details such as tenant IDs and domains. This information can be useful for managing access to Azure resources and for understanding the organizational structure of your Azure subscriptions.
Examples
Basic info
Discover the segments that are part of your Azure tenant, including their geographical location and associated domains. This is useful for understanding the distribution and categorization of your Azure resources.
select
  name,
  id,
  tenant_id,
  tenant_category,
  country,
  country_code,
  display_name,
  domains
from
  azure_tenant;
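For an access review, the query below lists every tenant the configured credentials can see whose category is not 'Home', with one row per domain. It is an added example, not part of the Steampipe documentation; it assumes the default PostgreSQL engine and that domains holds a JSON array of strings.

```sql
-- Added example (not from the Steampipe docs): tenants other than the
-- home tenant that the configured connections can reach.
select
  t.sp_connection_name,
  t.subscription_id,
  t.tenant_id,
  t.display_name,
  t.tenant_category,
  d.domain
from
  azure_tenant as t
  -- Expand the domains array to one row per domain. The CASE guard keeps
  -- tenants whose domains value is NULL or not an array (assumption: such
  -- rows can occur) instead of raising an error; they show a NULL domain.
  left join lateral jsonb_array_elements_text(
    case
      when jsonb_typeof(t.domains) = 'array' then t.domains
      else '[]'::jsonb
    end
  ) as d(domain) on true
where
  t.tenant_category is distinct from 'Home'
order by
  t.tenant_category,
  t.tenant_id,
  d.domain;
```

An empty result means every visible tenant is categorized as 'Home'; any row returned is a tenant relationship to confirm against your records of expected delegations.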
Control examples
- All Controls > Active Directory > Ensure guest users are reviewed on a monthly basis
- All Controls > Active Directory > Ensure Multi-factor Authentication is required for Azure Management
- All Controls > Active Directory > Ensure that 'Users can create security groups in Azure portals, API or PowerShell' is set to 'No'
- All Controls > Active Directory > Ensure that 'Users Can Create Tenants' is set to 'No'
- All Controls > Active Directory > Ensure that 'Users Can Register Applications' is set to 'No'
- All Controls > Active Directory > IAM users should not have built in contributor role
- Blocked accounts with owner permissions on Azure resources should be removed
- Blocked accounts with read and write permissions on Azure resources should be removed
- CIS v1.3.0 > 1 Identity and Access Management > 1.3 Ensure guest users are reviewed on a monthly basis
- CIS v1.4.0 > 1 Identity and Access Management > 1.3 Ensure guest users are reviewed on a monthly basis
- CIS v1.5.0 > 1 Identity and Access Management > 1.14 Ensure That ‘Users Can Register Applications’ Is Set to ‘No’
- CIS v1.5.0 > 1 Identity and Access Management > 1.19 Ensure that 'Users can create security groups in Azure portals, API or PowerShell' is set to 'No'
- CIS v1.5.0 > 1 Identity and Access Management > 1.2 Conditional Access > 1.2.6 Ensure Multi-factor Authentication is Required for Azure Management
- CIS v1.5.0 > 1 Identity and Access Management > 1.4 Ensure Guest Users Are Reviewed on a Regular Basis
- CIS v2.0.0 > 1 Identity and Access Management > 1.14 Ensure That 'Users Can Register Applications' Is Set to 'No'
- CIS v2.0.0 > 1 Identity and Access Management > 1.19 Ensure that 'Users can create security groups in Azure portals, API or PowerShell' is set to 'No'
- CIS v2.0.0 > 1 Identity and Access Management > 1.2 Conditional Access > 1.2.6 Ensure Multi-factor Authentication is Required for Azure Management
- CIS v2.0.0 > 1 Identity and Access Management > 1.5 Ensure Guest Users Are Reviewed on a Regular Basis
- CIS v2.1.0 > 1 Identity and Access Management > 1.13 Ensure That 'Users Can Register Applications' Is Set to 'No'
- CIS v2.1.0 > 1 Identity and Access Management > 1.18 Ensure that 'Users can create security groups in Azure portals, API or PowerShell' is set to 'No'
- CIS v2.1.0 > 1 Identity and Access Management > 1.2 Conditional Access > 1.2.6 Ensure Multifactor Authentication is Required for Windows Azure Service Management API
- CIS v2.1.0 > 1 Identity and Access Management > 1.25 Ensure fewer than 5 users have global administrator assignment
- CIS v2.1.0 > 1 Identity and Access Management > 1.4 Ensure Guest Users Are Reviewed on a Regular Basis
- Guest accounts with owner permissions on Azure resources should be removed
- Guest accounts with read permissions on Azure resources should be removed
- Guest accounts with write permissions on Azure resources should be removed
Schema for azure_tenant
Name | Type | Operators | Description |
---|---|---|---|
_ctx | jsonb | | Steampipe context in JSON form. |
akas | jsonb | | Array of globally unique identifier strings (also known as) for the resource. |
cloud_environment | text | | The Azure Cloud Environment. |
country | text | | Country/region name of the address for the tenant. |
country_code | text | | Country/region abbreviation for the tenant. |
display_name | text | | The list of domains for the tenant. |
domains | jsonb | | The list of domains for the tenant. |
id | text | | The fully qualified ID of the tenant. For example, /tenants/00000000-0000-0000-0000-000000000000. |
name | text | | The display name of the tenant. |
sp_connection_name | text | =, !=, ~~, ~~*, !~~, !~~* | Steampipe connection name. |
sp_ctx | jsonb | | Steampipe context in JSON form. |
subscription_id | text | =, !=, ~~, ~~*, !~~, !~~* | The Azure Subscription ID in which the resource is located. |
tenant_category | text | | The tenant category. Possible values include: 'Home', 'ProjectedBy', 'ManagedBy'. |
tenant_id | text | | The tenant ID. For example, 00000000-0000-0000-0000-000000000000. |
title | text | | Title of the resource. |
Export
This table is available as a standalone Exporter CLI. Steampipe exporters are stand-alone binaries that allow you to extract data using Steampipe plugins without a database.
You can download the tarball for your platform from the Releases page, but it is simplest to install them with the steampipe_export_installer.sh script:
/bin/sh -c "$(curl -fsSL https://steampipe.io/install/export.sh)" -- azure
You can pass the configuration to the command with the --config argument:
steampipe_export_azure --config '<your_config>' azure_tenant