AZ-IDN-005 to AZ-IDN-009 — Entra ID identity scanner rules #109
Merged
Conversation
This script detects guest users assigned to high-privilege roles in Entra ID and logs findings for remediation.
Implement AZ-IDN-006 rule to detect service principal client secrets older than 90 days or without expiry. The rule includes logging, fetching applications from Graph API, and evaluating credentials.
This rule detects active user accounts in Entra ID that do not have multi-factor authentication methods registered, highlighting potential security vulnerabilities.
This script detects custom RBAC roles with wildcard or overly broad permissions at the subscription scope and provides remediation steps.
This rule checks for the absence of activity log alerts for role assignment changes in Azure subscriptions, logging findings if no alerts are configured.
This script provides a remediation playbook for removing high-privilege roles from guest users in Entra ID, including usage instructions and role assignment fetching.
This script provides a remediation playbook for rotating service principal client secrets older than 90 days. It includes usage instructions and steps for listing, resetting credentials, and migrating to managed identities.
This script provides a remediation playbook for enforcing MFA registration for users without MFA in Entra ID. It includes steps to identify users and create a Conditional Access policy.
This script provides a playbook for remediating custom RBAC roles with wildcard permissions at the subscription scope, guiding users through listing, reviewing, and updating roles.
This script creates an activity log alert for role assignment changes to detect privilege escalation in real time.
Added new controls for privileged access management, password management, secure log-on procedures, and event logging to comply with ISO 27001 standards.
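The commits above describe the evaluation logic of the rules only in prose. The following is an added example, not code from this repository, showing how the checks for AZ-IDN-005 (guest users in privileged roles), AZ-IDN-006 (client secrets older than 90 days or without expiry) and AZ-IDN-008 (custom RBAC roles with wildcard actions at subscription scope) can be evaluated over the records the Graph and ARM APIs return. The Graph / ARM calls are replaced by constructed sample records whose field names follow the real responses (`passwordCredentials`, `userType`, `roleDefinition`, `permissions.actions`, `assignableScopes`); the privileged-role set, the pinned clock and the definition of "broad" action are assumptions made for the example.

```python
"""Evaluation logic for AZ-IDN-005 / -006 / -008, run offline over constructed
records. Added example; not the scanner's own code."""
from datetime import datetime, timezone

NOW = datetime(2025, 1, 15, tzinfo=timezone.utc)   # pinned clock (assumption) so results are reproducible
MAX_SECRET_AGE_DAYS = 90
# Roles treated as privileged for this example (assumption; the real rule may use a different set).
PRIVILEGED_ROLES = {"Global Administrator", "Privileged Role Administrator",
                    "Security Administrator", "User Administrator"}


def parse_graph_time(value):
    """Graph returns ISO-8601 with a trailing 'Z'; fromisoformat only accepts it from 3.11 on."""
    if value is None:
        return None
    return datetime.fromisoformat(value.replace("Z", "+00:00"))


# AZ-IDN-006: a secret is a finding when it never expires or was issued more than 90 days ago.
def evaluate_secrets(apps, now=NOW):
    findings = []
    for app in apps:
        for cred in app.get("passwordCredentials", []):
            start = parse_graph_time(cred.get("startDateTime"))
            end = parse_graph_time(cred.get("endDateTime"))
            age_days = (now - start).days if start else None
            reasons = []
            if end is None:
                reasons.append("no expiry")
            if age_days is not None and age_days > MAX_SECRET_AGE_DAYS:
                reasons.append(f"age {age_days}d > {MAX_SECRET_AGE_DAYS}d")
            if reasons:
                findings.append((app["displayName"], cred["keyId"], ", ".join(reasons)))
    return findings


# AZ-IDN-005: guest principals (userType == "Guest") holding a privileged directory role.
def evaluate_guest_admins(assignments):
    return [(a["principal"]["userPrincipalName"], a["roleDefinition"]["displayName"])
            for a in assignments
            if a["principal"].get("userType") == "Guest"
            and a["roleDefinition"]["displayName"] in PRIVILEGED_ROLES]


def is_broad_action(action):
    """'*', '*/write'-style and 'Provider/*' actions are treated as wildcard grants (assumption)."""
    parts = action.split("/")
    return parts[0] == "*" or (len(parts) == 2 and parts[1] == "*")


# AZ-IDN-008: custom roles assignable directly at a subscription whose actions are wildcards.
def evaluate_custom_roles(role_defs):
    findings = []
    for role in role_defs:
        props = role["properties"]
        if props.get("roleType") != "CustomRole":
            continue
        # "/subscriptions/<id>" has exactly two slashes; resource-group scopes have more.
        at_sub_scope = any(s.startswith("/subscriptions/") and s.count("/") == 2
                           for s in props.get("assignableScopes", []))
        broad = [a for p in props.get("permissions", []) for a in p.get("actions", [])
                 if is_broad_action(a)]
        if at_sub_scope and broad:
            findings.append((props["roleName"], broad))
    return findings


# Constructed sample records (not real tenant data).
SAMPLE_APPS = [
    {"displayName": "billing-api", "passwordCredentials": [
        {"keyId": "k1", "startDateTime": "2024-01-01T00:00:00Z", "endDateTime": "2026-01-01T00:00:00Z"}]},
    {"displayName": "etl-job", "passwordCredentials": [
        {"keyId": "k2", "startDateTime": "2024-12-20T00:00:00Z", "endDateTime": None}]},
    {"displayName": "fresh-app", "passwordCredentials": [
        {"keyId": "k3", "startDateTime": "2024-12-20T00:00:00Z", "endDateTime": "2025-06-20T00:00:00Z"}]},
]
SAMPLE_ASSIGNMENTS = [
    {"principal": {"userPrincipalName": "alice_contoso.com#EXT#@tenant.onmicrosoft.com", "userType": "Guest"},
     "roleDefinition": {"displayName": "Global Administrator"}},
    {"principal": {"userPrincipalName": "bob@tenant.onmicrosoft.com", "userType": "Member"},
     "roleDefinition": {"displayName": "Global Administrator"}},
    {"principal": {"userPrincipalName": "carol_fabrikam.com#EXT#@tenant.onmicrosoft.com", "userType": "Guest"},
     "roleDefinition": {"displayName": "Directory Readers"}},
]
SAMPLE_ROLE_DEFS = [
    {"properties": {"roleName": "Ops Everything", "roleType": "CustomRole",
                    "assignableScopes": ["/subscriptions/00000000-0000-0000-0000-000000000000"],
                    "permissions": [{"actions": ["*"], "notActions": []}]}},
    {"properties": {"roleName": "VM Restarter", "roleType": "CustomRole",
                    "assignableScopes": ["/subscriptions/00000000-0000-0000-0000-000000000000"],
                    "permissions": [{"actions": ["Microsoft.Compute/virtualMachines/restart/action"], "notActions": []}]}},
    {"properties": {"roleName": "Owner", "roleType": "BuiltInRole", "assignableScopes": ["/"],
                    "permissions": [{"actions": ["*"], "notActions": []}]}},
]

if __name__ == "__main__":
    for rule, findings in (("AZ-IDN-006", evaluate_secrets(SAMPLE_APPS)),
                           ("AZ-IDN-005", evaluate_guest_admins(SAMPLE_ASSIGNMENTS)),
                           ("AZ-IDN-008", evaluate_custom_roles(SAMPLE_ROLE_DEFS))):
        for finding in findings:
            print(rule, finding)
```

Against the sample data the secret check flags `billing-api/k1` for age and `etl-job/k2` for a missing expiry, the guest check flags only the guest who holds Global Administrator, and the RBAC check flags only the custom role with a bare `*` action assignable at the subscription; the built-in Owner role is skipped because `roleType` is not `CustomRole`, which keeps the rule from reporting Microsoft-managed roles.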
Collaborator
Author
@Vishnu2707 Sir, it's ready to merge.
Related issue
Closes #103