adjusted remediation guides for active directory to reflect entra ID

rtkwlf · Mar 4, 2025 · 7005088 · 7005088
1 parent 5014ac0
commit 7005088
Show file tree

Hide file tree

Showing 60 changed files with 175 additions and 169 deletions.
diff --git a/en/azure/activedirectory/ensure-no-guest-user.md b/en/azure/activedirectory/ensure-no-guest-user.md
diff --git a/en/azure/activedirectory/minimum-password-length.md b/en/azure/activedirectory/minimum-password-length.md
diff --git a/en/azure/activedirectory/no-custom-owner-roles.md b/en/azure/activedirectory/no-custom-owner-roles.md
diff --git a/en/azure/activedirectory/password-requires-lowercase.md b/en/azure/activedirectory/password-requires-lowercase.md
diff --git a/en/azure/activedirectory/password-requires-numbers.md b/en/azure/activedirectory/password-requires-numbers.md
diff --git a/en/azure/activedirectory/password-requires-symbols.md b/en/azure/activedirectory/password-requires-symbols.md
diff --git a/en/azure/entraID/ensure-no-guest-user.md b/en/azure/entraID/ensure-no-guest-user.md
@@ -0,0 +1,24 @@
+[![CloudSploit](https://cloudsploit.com/img/logo-new-big-text-100.png "CloudSploit")](https://cloudsploit.com)
+
+# AZURE / Microsoft Entra ID / Ensure No Guest User
+
+## Quick Info
+
+| | |
+|-|-|
+| **Plugin Title** | Ensure No Guest User |
+| **Cloud** | AZURE |
+| **Category** | Microsoft Entra ID |
+| **Description** | Ensures that there are no guest users in the subscription |
+| **More Info** | Guest users are usually users that are invited from outside the company structure, these users are not part of the onboarding/offboarding process and could be overlooked, causing security vulnerabilities. |
+| **AZURE Link** | https://learn.microsoft.com/en-us/entra/external-id/add-users-administrator |
+| **Recommended Action** | Remove all guest users unless they are required to be members of the Microsoft Entra ID account. |
+
+## Detailed Remediation Steps
+1. Log in to the Microsoft Azure Management Console.
+2. Find the search bar at the top and search for Microsoft Entra ID. 
+3. Select "Microsoft Entra ID" and on the left navigation panel, select "Users" under "Manage".
+4. In the users list, look for users with "User type" as "Guest". If there are "Guest" type users, then those users are not part of the onboarding/offboarding process and are considered a security vulnerability. Such accounts must be deleted.
+5. Select all Users with "User type" as "Guest" and click "Delete User" on the top right.
+6. Click OK in the confirmation popup.
+7. Repeat step number 3 to 6 for all other directories.
diff --git a/en/azure/entraID/minimum-password-length.md b/en/azure/entraID/minimum-password-length.md
@@ -0,0 +1,26 @@
+[![CloudSploit](https://cloudsploit.com/img/logo-new-big-text-100.png "CloudSploit")](https://cloudsploit.com)
+
+# AZURE / Microsoft Entra ID / Minimum Password Length
+
+## Quick Info
+
+| | |
+|-|-|
+| **Plugin Title** | Minimum Password Length |
+| **Cloud** | AZURE |
+| **Category** | Microsoft Entra ID |
+| **Description** | Ensures that all Azure passwords require a minimum length |
+| **More Info** | Microsoft Entra ID handles most password policy settings, including the minimum password length, defaulted to 8 characters. |
+| **AZURE Link** | https://learn.microsoft.com/en-us/entra/identity/authentication/concept-sspr-policy#password-policies-that-only-apply-to-cloud-user-accounts |
+| **Recommended Action** | No action necessary. Microsoft Entra ID handles password requirement settings. |
+
+## Detailed Remediation Steps
+1. Log in to the Microsoft Entra admin center.
+2. Find the search bar at the top and search for Microsoft Entra ID.
+3.  Select "Microsoft Entra ID" and on the left navigation panel, select "Users" under "Manage".
+4. On the "Users" tab click on the "New User" tab at the top.
+5. On the "New User" page, select the option "Create user".
+6. Under the "Identity", enter details like "Username","Name", "First Name","Last Name".
+7. Under the "Password", select "Let me create the password".
+8. In the "Initial password" textbox, enter the password. If it's less than eight characters, Microsoft Entra ID will show this error: "The value must have a length of at least 8".
+9. Repeat the above steps to create New User with pre-defined "Minimum Password Length. 
diff --git a/en/azure/entraID/no-custom-owner-roles.md b/en/azure/entraID/no-custom-owner-roles.md
@@ -0,0 +1,34 @@
+[![CloudSploit](https://cloudsploit.com/img/logo-new-big-text-100.png "CloudSploit")](https://cloudsploit.com)
+
+# AZURE / Microsoft Entra ID / No Custom Owner Roles
+
+## Quick Info
+
+| | |
+|-|-|
+| **Plugin Title** | No Custom Owner Roles |
+| **Cloud** | AZURE |
+| **Category** | Microsoft Entra ID |
+| **Description** | Ensures that no custom owner roles exist. |
+| **More Info** | Subscription owners should not include permissions to create custom owner roles. This follows the principle of least privilege. |
+| **AZURE Link** | https://docs.microsoft.com/en-us/azure/role-based-access-control/custom-roles |
+| **Recommended Action** | Remove roles that allow permissions to create custom owner roles. |
+
+## Detailed Remediation Steps
+
+1. Log in to the Microsoft Entra admin center.
+2. Find the search bar at the top and search for "Microsoft Entra ID".  
+3. Select "Microsoft Entra ID" and on the left navigation panel, navigate to "Roles and Administrators". 
+4. Look for custom roles with "Owner" permissions.
+5. Click on "Roles" to view all roles.
+6. Use the search bar to filter roles by keyword "Owner".
+7. Select any custom owner roles found. 
+8. Review the role's permissions.
+9. Ensure that the role does not contain elevated privileges such as "Microsoft.Authorization/roleAssignments/write" or "Microsoft.Authorization/roleDefinitions/write". 
+10. Remove the custom owner roles if they exist. Click on the role.
+11. Select "Delete" to remove the role. 
+
+
+
+
+
diff --git a/en/azure/entraID/password-requires-lowercase.md b/en/azure/entraID/password-requires-lowercase.md
@@ -0,0 +1,26 @@
+[![CloudSploit](https://cloudsploit.com/img/logo-new-big-text-100.png "CloudSploit")](https://cloudsploit.com)
+
+# AZURE / Microsoft Entra ID / Password Requires Lowercase
+
+## Quick Info
+
+| | |
+|-|-|
+| **Plugin Title** | Password Requires Lowercase |
+| **Cloud** | AZURE |
+| **Category** | Microsoft Entra ID |
+| **Description** | Ensures that all Azure passwords require lowercase characters |
+| **More Info** | Microsoft Entra ID handles most password policy settings, including which character types are required. It enforces at least three out of four of the following character types: lowercase, uppercase, special characters, and numbers. |
+| **AZURE Link** | https://learn.microsoft.com/en-us/entra/identity/authentication/concept-sspr-policy#password-policies-that-only-apply-to-cloud-user-accounts |
+| **Recommended Action** | No action necessary. Azure handles password requirement settings. |
+
+## Detailed Remediation Steps
+1. Log into Microsoft Entra Admin Center.
+2. Select the "Search resources, services, and docs" option at the top and search for Microsoft Entra ID. 
+3.  Select "Microsoft Entra ID". In the navigation panel, select "Users" under the Manage section.
+4. On the "Users" tab click on the "New User" option at the top.
+5. On the "New User" tab, click on the "Create user".
+6. Under the "Identity", enter details like "Username","Name", "First Name","Last Name". Select the group if required and define the role for the user.
+7. On the "Password" tab, click on the "Let me create the password". 
+8. If the password does not contain a lowercase letter, Microsoft Entra ID will automatically display an error message when you click the "Create" button. 
+9. Repeat the above steps to create New User with pre-defined "Password Requires Lowercase".