Added EntraId controls of Tenant and User #33

Arav0308-ms · 2024-08-01T07:16:01Z

Description

This pull request updates the EntraID Scanner module by adding 3 new controls (1-Tenant and 2- User)

Control Name: EntraID_Tenant_CAP_AuthN_Setup_Policies
Description: This control ensures that we have enabled CAP that helps to prevent malicious attacks on tenants by reducing conditions that compromise user accounts and prevent further compromise by taking appropriate actions.
Issue: To check that the security default is enabled or not we have to use
Get-MgBetaPolicyIdentitySecurityDefaultEnforcementPolicy API that requires "Policy.Read.All" Scope that need admin access of the tenant.

Control Name: EntraID_User_AuthZ_Limit_Invite_Permissions_To_Admins
Description: This control checks that we have limited guest invite permissions to admins not to everyone.

Control Name: EntraID_User_AuthZ_Disable_Guest_Self_Service_Signup_Flow
Description: This control checks that we have not enable guest self-service sign up via user flows.
Issue: To check that the Self Service Signup flow is enabled or not we have to use Get-MgBetaPolicyAuthenticationFlowPolicy API that requires "Policy.Read.All" Scope that need admin access of the tenant.

Added EntraId controls of Tenant and User

539fc90

Arav0308-ms requested a review from RohanMaheshwari7 August 1, 2024 07:16

Arav0308-ms assigned Arav0308-ms and RohanMaheshwari7 Aug 8, 2024