title | description |
---|---|
Steampipe Table: azuread_authorization_policy - Query Azure Active Directory Authorization Policies using SQL | Allows users to query Azure Active Directory Authorization Policies, specifically the policy settings, providing insights into access management and security configurations. |

Azure Active Directory (Azure AD) Authorization Policy is a feature of Microsoft Azure that defines how resources in your organization are accessed. It provides a centralized way to manage authorization settings, control access, and enforce security configurations across your Azure resources. Azure AD Authorization Policy enables you to manage and secure access to your resources effectively.
The `azuread_authorization_policy` table provides insights into authorization policies within Azure Active Directory. As a security administrator, explore policy-specific details through this table, including policy settings, associated metadata, and security configurations. Utilize it to uncover information about policies, such as those with specific access controls, the enforcement of security configurations, and the verification of authorization settings.
Analyze the settings to understand the display name, ID, and invite permissions for a given Azure AD authorization policy. This can be useful for auditing and managing access controls within your Azure environment.
```sql
select
  display_name,
  id,
  allow_invites_from
from
  azuread_authorization_policy;
```
Find authorization policies where the default user role has no permission grant policies assigned, meaning users cannot consent to apps accessing company data on their behalf. This can be useful to maintain data privacy and prevent unauthorized access.
PostgreSQL:

```sql
select
  display_name,
  id,
  default_user_role_permissions
from
  azuread_authorization_policy
where
  default_user_role_permissions ->> 'permissionGrantPoliciesAssigned' = '[]';
```

SQLite:

```sql
select
  display_name,
  id,
  default_user_role_permissions
from
  azuread_authorization_policy
where
  json_extract(default_user_role_permissions, '$.permissionGrantPoliciesAssigned') = '[]';
```
Determine if your organization's settings permit all members to invite external users. This is useful for assessing the openness of your organization's communication and collaboration policies.
```sql
select
  display_name,
  id,
  default_user_role_permissions
from
  azuread_authorization_policy
where
  allow_invites_from = 'everyone';
```
Determine if your organization's settings allow users to join without verifying their email first. This could be a potential security risk, as it may enable unauthorized individuals to gain access to your system.
```sql
select
  display_name,
  id,
  default_user_role_permissions
from
  azuread_authorization_policy
where
  not allowed_email_verified_users_to_join_organization;
```
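
The three filters above combined into a single audit pass, as an added example that is not part of the Steampipe documentation: it runs the SQLite form of each condition against a constructed in-memory table that borrows the page's column names. The rows (`tenant-a` to `tenant-c`), the `example-grant-policy` value, and the case where the `permissionGrantPoliciesAssigned` key is absent are assumptions made for illustration; that last row shows the `= '[]'` comparison yielding NULL, so a `where` clause built on it would not return the row.

```python
import json
import sqlite3

# Constructed rows standing in for azuread_authorization_policy; column names
# come from the page, the values are made up for this example.
SAMPLE = [
    ("tenant-a", "everyone", {"permissionGrantPoliciesAssigned": []}, 0),
    ("tenant-b", "adminsAndGuestInviters",
     {"permissionGrantPoliciesAssigned": ["example-grant-policy"]}, 1),
    ("tenant-c", "none", {}, 1),  # key absent: the '[]' comparison yields NULL
]

# One row per policy, one column per check from the page (SQLite syntax).
AUDIT_SQL = """
select
  display_name,
  allow_invites_from = 'everyone' as invites_open_to_everyone,
  json_extract(default_user_role_permissions,
               '$.permissionGrantPoliciesAssigned') = '[]' as no_grant_policies,
  not allowed_email_verified_users_to_join_organization as email_join_flag_false
from azuread_authorization_policy
order by display_name
"""

def load_sample():
    """Build an in-memory table with the columns the page's filters use."""
    conn = sqlite3.connect(":memory:")
    conn.execute(
        "create table azuread_authorization_policy ("
        "display_name text, allow_invites_from text, "
        "default_user_role_permissions text, "
        "allowed_email_verified_users_to_join_organization integer)"
    )
    conn.executemany(
        "insert into azuread_authorization_policy values (?, ?, ?, ?)",
        [(n, inv, json.dumps(perm), flag) for n, inv, perm, flag in SAMPLE],
    )
    return conn

def audit(conn):
    """Return {display_name: (invites_open, no_grant_policies, email_flag_false)}."""
    return {row[0]: tuple(row[1:]) for row in conn.execute(AUDIT_SQL)}

if __name__ == "__main__":
    for name, flags in audit(load_sample()).items():
        print(name, flags)
```

A `None` in the second position marks a policy the empty-array filter neither matches nor rules out, which is worth reviewing by hand.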