Table: azuread_admin_consent_request_policy - Query Azure Active Directory Admin Consent Request Policies using SQL
An Azure Active Directory Admin Consent Request Policy is a feature within Microsoft Azure that controls the workflow of admin consent requests. It provides a centralized way to manage and review admin consent requests for applications requiring access to data they do not have permissions for. Azure AD admin consent request policy helps you stay informed about the access requests and take appropriate actions when predefined conditions are met.
Table Usage Guide
The azuread_admin_consent_request_policy table provides insights into admin consent request policies within Azure Active Directory. As a security engineer, explore policy-specific details through this table, including policy settings, approval steps, and associated metadata. Utilize it to uncover information about policies, such as those with specific approval steps, the workflow of admin consent requests, and the verification of policy settings.
Examples
Basic info
Explore which Azure Active Directory admin consent request policies are enabled and their respective versions. This is useful for assessing the current status and versioning of your policies.
select
  title,
  is_enabled,
  version
from
  azuread_admin_consent_request_policy;
Check admin consent workflow is enabled
Determine if the admin consent workflow is active in Azure Active Directory, which is essential for enhancing security by ensuring that admins explicitly approve access requests to specific resources.
select
  title,
  is_enabled,
  version
from
  azuread_admin_consent_request_policy
where
  is_enabled;
List users who can review new admin consent requests
Determine the users who have the authority to review new administrative consent requests. This is useful for managing permissions and ensuring only appropriate personnel are able to handle these requests.
select
  p.title,
  p.is_enabled,
  u.display_name as user_display_name,
  u.user_principal_name
from
  azuread_admin_consent_request_policy as p,
  jsonb_array_elements(reviewers) as r
  left join azuread_user as u on split_part(r ->> 'query', '/', 4) = u.id
where
  is_enabled;
In SQLite this query is not available: SQLite does not support split or string_to_array functions.
Control examples
- CIS v1.4.0 > 2 Application Permissions > 2.7 Ensure the admin consent workflow is enabled
- CIS v1.5.0 > 2 Application Permissions > 2.7 Ensure the admin consent workflow is enabled
- CIS v2.0.0 > 2 Application Permissions > 2.1 Ensure the admin consent workflow is enabled
- CIS v3.0.0 > 5 Microsoft Entra admin center > 5.1 Identity > 5.1.5 Applications > 5.1.5.3 Ensure the admin consent workflow is enabled
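The CIS controls listed above check only that the workflow is enabled. The following query is an added example, not part of the Steampipe documentation: it extends that check to flag a workflow that is enabled but has no reviewers or does not notify them, using only columns from this table's schema. It uses PostgreSQL syntax, and the status labels and their severity are assumptions chosen for illustration.

```sql
-- Added example (PostgreSQL syntax); not from the Steampipe documentation.
-- Status labels ('alarm', 'info', 'ok') are illustrative assumptions.
with policy as (
  select
    tenant_id,
    title,
    is_enabled,
    notify_reviewers,
    reminders_enabled,
    request_duration_in_days,
    -- reviewers can be null or a non-array value when nothing is configured;
    -- each array element is one reviewer entry, not necessarily one user.
    case
      when jsonb_typeof(reviewers) = 'array' then jsonb_array_length(reviewers)
      else 0
    end as reviewer_count
  from
    azuread_admin_consent_request_policy
)
select
  tenant_id,
  title,
  case
    when not coalesce(is_enabled, false) then 'alarm'
    when reviewer_count = 0 then 'alarm'
    when not coalesce(notify_reviewers, false) then 'info'
    else 'ok'
  end as status,
  case
    when not coalesce(is_enabled, false) then 'Admin consent workflow is disabled.'
    when reviewer_count = 0 then 'Workflow is enabled but has no reviewers.'
    when not coalesce(notify_reviewers, false) then 'Reviewers are not notified of new requests.'
    else 'Workflow is enabled with ' || reviewer_count || ' reviewer entries.'
  end as reason,
  reviewer_count,
  reminders_enabled,
  request_duration_in_days
from
  policy
order by
  tenant_id;
```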
Schema for azuread_admin_consent_request_policy
Name | Type | Operators | Description |
---|---|---|---|
_ctx | jsonb | | Steampipe context in JSON form. |
is_enabled | boolean | | Specifies whether the admin consent request feature is enabled or disabled. |
notify_reviewers | boolean | | Specifies whether reviewers will receive notifications. |
reminders_enabled | boolean | | Specifies whether reviewers will receive reminder emails. |
request_duration_in_days | bigint | | Specifies the duration the request is active before it automatically expires if no decision is applied. |
reviewers | jsonb | | The list of reviewers for the admin consent. |
sp_connection_name | text | =, !=, ~~, ~~*, !~~, !~~* | Steampipe connection name. |
sp_ctx | jsonb | | Steampipe context in JSON form. |
tenant_id | text | =, !=, ~~, ~~*, !~~, !~~* | The Azure Tenant ID where the resource is located. |
title | text | | Title of the resource. |
version | bigint | | Specifies the version of this policy. When the policy is updated, this version is updated. |
Export
This table is available as a standalone Exporter CLI. Steampipe exporters are stand-alone binaries that allow you to extract data using Steampipe plugins without a database.
You can download the tarball for your platform from the Releases page, but it is simplest to install them with the steampipe_export_installer.sh script:
/bin/sh -c "$(curl -fsSL https://steampipe.io/install/export.sh)" -- azuread
You can pass the configuration to the command with the --config argument:
steampipe_export_azuread --config '<your_config>' azuread_admin_consent_request_policy