Table: azuread_security_defaults_policy - Query Azure AD Security Defaults Policies using SQL
Security Defaults in Azure AD is a set of basic identity security mechanisms recommended by Microsoft. It provides a level of protection to organizations that may not have dedicated security and identity professionals on their IT staff. Security Defaults include requiring all users to register for Azure AD Multi-Factor Authentication, requiring administrators to perform multi-factor authentication, blocking legacy authentication protocols, and more.
Table Usage Guide
The azuread_security_defaults_policy table provides insights into the Security Defaults Policies within Azure Active Directory. As a security analyst, explore policy-specific details through this table, including the status of the policy and whether it is enabled. Use it to monitor and manage your organization's basic identity security settings, ensuring that all users and administrators are adhering to recommended security practices.
Examples
Basic info
Explore which security policies are active within your Azure Active Directory. This can help in assessing your current security settings and identifying areas that might need reinforcement.
select display_name, id, is_enabled from azuread_security_defaults_policy;
Control examples
- CIS v1.4.0 > 1 Account and Authentication > 1.1 Azure Active Directory > 1.1.11 Ensure Security Defaults is disabled on Azure Active Directory
- CIS v1.5.0 > 1 Account and Authentication > 1.1 Azure Active Directory > 1.1.11 Ensure Security Defaults is disabled on Azure Active Directory
- CIS v2.0.0 > 1 Account and Authentication > 1.1 Azure Active Directory > 1.1.1 Ensure Security Defaults are disabled on Azure Active Directory
- CIS v3.0.0 > 5 Microsoft Entra admin center > 5.1 Identity > 5.1.1 Overview > 5.1.1.1 Ensure Security Defaults is disabled on Azure Active Directory
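
The CIS controls listed above all expect Security Defaults to be disabled, so a check built on this table flags `is_enabled = true`. The query below is an added example, not part of the original page or the project's own control code; it uses only columns from this table's schema, and the `ok` / `alarm` / `info` labels and the `resource` / `status` / `reason` aliases are choices made for this example.

```sql
-- Added example: one row per tenant, shaped as resource / status / reason.
-- Per the CIS controls listed on this page, an enabled policy is the
-- failing state and a disabled policy is the passing state.
select
  tenant_id as resource,
  case
    when is_enabled is null then 'info'   -- state not returned for this tenant
    when is_enabled then 'alarm'          -- Security Defaults still enabled
    else 'ok'                             -- Security Defaults disabled
  end as status,
  case
    when is_enabled is null then
      'Security defaults state was not returned for tenant ' || tenant_id || '.'
    when is_enabled then
      coalesce(display_name, 'Security defaults') || ' is enabled in tenant ' || tenant_id || '.'
    else
      coalesce(display_name, 'Security defaults') || ' is disabled in tenant ' || tenant_id || '.'
  end as reason,
  sp_connection_name
from
  azuread_security_defaults_policy
order by
  status,      -- 'alarm' sorts first, so failing tenants lead the result
  tenant_id;
```

With an aggregator connection covering several tenants, `sp_connection_name` shows which connection each row came from.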
Schema for azuread_security_defaults_policy
Name | Type | Operators | Description |
---|---|---|---|
_ctx | jsonb | | Steampipe context in JSON form. |
description | text | | Description for this policy. |
display_name | text | | Display name for this policy. |
id | text | | Identifier for this policy. |
is_enabled | boolean | | If set to true, Azure Active Directory security defaults is enabled for the tenant. |
sp_connection_name | text | =, !=, ~~, ~~*, !~~, !~~* | Steampipe connection name. |
sp_ctx | jsonb | | Steampipe context in JSON form. |
tenant_id | text | =, !=, ~~, ~~*, !~~, !~~* | The Azure Tenant ID where the resource is located. |
title | text | | Title of the resource. |
Export
This table is available as a standalone Exporter CLI. Steampipe exporters are stand-alone binaries that allow you to extract data using Steampipe plugins without a database.
You can download the tarball for your platform from the Releases page, but it is simplest to install them with the steampipe_export_installer.sh script:
/bin/sh -c "$(curl -fsSL https://steampipe.io/install/export.sh)" -- azuread
You can pass the configuration to the command with the --config argument:
steampipe_export_azuread --config '<your_config>' azuread_security_defaults_policy