Risk Level: High
Cloud Entity: Azure Active Directory
CloudGuard Rule ID: D9.AZU.IAM.46
Covered by Spectral: No
Category: Security, Identity, & Compliance
User where assignedRoles contain [displayName regexMatch /.*Administrator|Creator|Global.*/] should have userCredentialRegistrationDetails.isRegisterWithMfa=true
- From Azure Home, select the Portal Menu.
- Select the Azure Active Directory blade.
- Select 'Users'.
- Take note of all users with the role Service Co-Administrators, Owners or Contributors.
- Click on the Per-User MFA button in the top row menu.
- Ensure that 'MULTI-FACTOR AUTH STATUS' is Enabled for all noted users.
Note: Please note that at the time of writing, there is no API, Azure CLI or Powershell mechanism available to programmatically conduct security assessment or remediation for this recommendation.By default, multi-factor authentication is disabled for all users.
Azure Active Directory (Azure AD) is Microsoftï¿½ï¿½ï¿½s cloud-based identity and access management service, which helps your employees sign in and access resources in external resources and internal res
- AZU PCI-DSS 4.0
- Azure CIS Foundations v. 1.5.0
- Azure CIS Foundations v.2.0
- Azure CloudGuard Best Practices
- Azure Dashboard System Ruleset
- Azure NIST 800-53 Rev 5
- CloudGuard Azure All Rules Ruleset
Updated 3 months ago