Ensure that 'Multi-Factor Auth Status' is 'Enabled' for all Privileged Users
Multi-factor authentication requires an individual to present a minimum of two separate forms of authentication before access is granted. Multi-factor authentication provides additional assurance that the individual attempting to gain access is who they claim to be. With multi-factor authentication, an attacker would need to compromise at least two different authentication mechanisms, increasing the difficulty of compromise and thus reducing the risk.
Risk Level: High
Cloud Entity: Azure Active Directory
CloudGuard Rule ID: D9.AZU.IAM.46
Covered by Spectral: No
Category: Security, Identity, & Compliance
GSL LOGIC
User where assignedRoles contain [displayName regexMatch /.*Administrator|Creator|Global.*/] should have userCredentialRegistrationDetails.isRegisterWithMfa=true
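The rule logic above, applied to a constructed user inventory as an added example (this is not CloudGuard's own code). It assumes `regexMatch` behaves as an unanchored search, that user records are dictionaries shaped like the fields named in the rule, and that missing registration details count as a failure.

```python
import re

# Role-name pattern copied verbatim from the rule's GSL logic.
PRIVILEGED_ROLE = re.compile(r".*Administrator|Creator|Global.*")


def is_privileged(user):
    """True if any assigned role's displayName matches the rule's pattern.

    Assumption: regexMatch is treated as an unanchored search.
    """
    roles = user.get("assignedRoles") or []
    return any(PRIVILEGED_ROLE.search(r.get("displayName", "")) for r in roles)


def is_compliant(user):
    """A user passes only when isRegisterWithMfa is explicitly true.

    Assumption: absent registration details are treated as non-compliant.
    """
    details = user.get("userCredentialRegistrationDetails") or {}
    return details.get("isRegisterWithMfa") is True


def failing_users(users):
    """Return the names of privileged users that violate the rule."""
    return [u["displayName"] for u in users
            if is_privileged(u) and not is_compliant(u)]


# Constructed sample inventory (not real tenant data).
USERS = [
    {"displayName": "alice", "assignedRoles": [{"displayName": "Global Administrator"}],
     "userCredentialRegistrationDetails": {"isRegisterWithMfa": True}},
    {"displayName": "bob", "assignedRoles": [{"displayName": "User Administrator"}],
     "userCredentialRegistrationDetails": {"isRegisterWithMfa": False}},
    # Matches the 'Global.*' branch; registration details are missing entirely.
    {"displayName": "carol", "assignedRoles": [{"displayName": "Global Reader"}]},
    # Role name matches no branch of the pattern, so the rule does not apply.
    {"displayName": "dave", "assignedRoles": [{"displayName": "Directory Readers"}],
     "userCredentialRegistrationDetails": {"isRegisterWithMfa": False}},
    # No roles assigned, so the rule does not apply.
    {"displayName": "erin", "assignedRoles": [],
     "userCredentialRegistrationDetails": {"isRegisterWithMfa": False}},
]

if __name__ == "__main__":
    for name in failing_users(USERS):
        print("FAIL:", name)
```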
REMEDIATION
From Portal
- From Azure Home, select the Portal Menu.
- Select the Azure Active Directory blade.
- Select 'Users'.
- Take note of all users with the role Service Co-Administrators, Owners or Contributors.
- Click on the Per-User MFA button in the top row menu.
- Ensure that 'MULTI-FACTOR AUTH STATUS' is Enabled for all noted users.
Note: At the time of writing, there is no API, Azure CLI or PowerShell mechanism available to programmatically conduct security assessment or remediation for this recommendation. By default, multi-factor authentication is disabled for all users.
References
- https://learn.microsoft.com/en-us/azure/active-directory/authentication/concept-mfa-howitworks
- https://workbench.cisecurity.org/sections/1460902/recommendations/2349012
Azure Active Directory
Azure Active Directory (Azure AD) is Microsoft's cloud-based identity and access management service, which helps your employees sign in and access resources in external resources and internal res
Compliance Frameworks
- AZU PCI-DSS 4.0
- Azure CIS Foundations v. 1.5.0
- Azure CIS Foundations v.2.0
- Azure CloudGuard Best Practices
- Azure Dashboard System Ruleset
- Azure NIST 800-53 Rev 5
- CloudGuard Azure All Rules Ruleset
Updated about 1 year ago