Steampipe unbundled →
Steampipe Hub 
Hub
Plugins
turbot/azuread
Overview
15Tables
Versions
PowerpipeMods
GitHub
steampipe plugin install azuread

Table: azuread_directory_setting - Query Azure Active Directory Directory Settings using SQL

Azure Active Directory (Azure AD) is Microsoft's multi-tenant, cloud-based directory, and identity management service. Directory Settings in Azure AD are configurable settings that define the behavior and functionality of the directory. These settings include the ability to manage features like self-service password reset, device settings, group settings, and more.

Table Usage Guide

The azuread_directory_setting table provides insights into Directory Settings within Azure Active Directory. As an IT administrator, explore settings-specific details through this table, including the status of various features like self-service password reset, device settings, group settings, and more. Utilize it to uncover information about the configuration and behavior of your Azure AD directory.

Examples

Basic info

Explore the basic information in your Azure Active Directory settings to determine the areas where changes or updates may be needed. This can be especially useful in managing user access and permissions within your organization.

select
  display_name,
  id,
  value
from
  azuread_directory_setting;
select
  display_name,
  id,
  value
from
  azuread_directory_setting;

Check if user admin consent workflow is enabled

Determine if the workflow for user admin consent is activated. This is useful for managing and enforcing user permissions and access controls within your Azure Active Directory.

select
  display_name,
  id,
  name,
  value
from
  azuread_directory_setting
where
  display_name = 'Consent Policy Settings'
  and name = 'EnableAdminConsentRequests'
  and value :: bool;
select
  display_name,
  id,
  name,
  value
from
  azuread_directory_setting
where
  display_name = 'Consent Policy Settings'
  and name = 'EnableAdminConsentRequests'
  and value = '1';

Check if banned password protection is enabled

Determine if your organization's password policy is effectively safeguarding against the use of commonly banned passwords. This query is beneficial in identifying potential vulnerabilities in your password protection settings, ensuring a robust security protocol.

select
  display_name,
  id,
  name,
  value
from
  azuread_directory_setting
where
  display_name = 'Password Rule Settings'
  and (
    name = 'EnableBannedPasswordCheckOnPremises'
    and value :: bool
  )
  and (
    name = 'BannedPasswordCheckOnPremisesMode'
    and value = 'Enforced'
  );
select
  display_name,
  id,
  name,
  value
from
  azuread_directory_setting
where
  display_name = 'Password Rule Settings'
  and (
    name = 'EnableBannedPasswordCheckOnPremises'
    and value = 'true'
  )
  and (
    name = 'BannedPasswordCheckOnPremisesMode'
    and value = 'Enforced'
  );

Control examples

Schema for azuread_directory_setting

NameTypeOperatorsDescription
_ctxjsonbSteampipe context in JSON form, e.g. connection_name.
display_nametextDisplay name of this group of settings, which comes from the associated template.
idtext=Unique identifier for these settings.
nametext=Name of the setting.
template_idtextUnique identifier for the template used to create this group of settings.
tenant_idtextThe Azure Tenant ID where the resource is located.
titletextTitle of the resource.
valuetextValue of the setting.

Export

This table is available as a standalone Exporter CLI. Steampipe exporters are stand-alone binaries that allow you to extract data using Steampipe plugins without a database.

You can download the tarball for your platform from the Releases page, but it is simplest to install them with the steampipe_export_installer.sh script:

/bin/sh -c "$(curl -fsSL https://steampipe.io/install/export.sh)" -- azuread

You can pass the configuration to the command with the --config argument:

steampipe_export_azuread --config '<your_config>' azuread_directory_setting