forked from aquasecurity/cloud-security-remediation-guides
Commit
This commit does not belong to any branch on this repository, and may belong to a fork outside of the repository.
Merge pull request #188 from rtkwlf/revert-185-entraID
Revert "Active directory to entra ID"
Showing 60 changed files with 169 additions and 175 deletions.
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,24 @@ | ||
[](https://cloudsploit.com) | ||
|
||
# AZURE / Active Directory / Ensure No Guest User | ||
|
||
## Quick Info | ||
|
||
| | | | ||
|-|-| | ||
| **Plugin Title** | Ensure No Guest User | | ||
| **Cloud** | AZURE | | ||
| **Category** | Active Directory | | ||
| **Description** | Ensures that there are no guest users in the subscription | | ||
| **More Info** | Guest users are usually users that are invited from outside the company structure, these users are not part of the onboarding/offboarding process and could be overlooked, causing security vulnerabilities. | | ||
| **AZURE Link** | https://docs.microsoft.com/en-us/azure/active-directory/b2b/add-users-administrator | | ||
| **Recommended Action** | Remove all guest users unless they are required to be members of the Active Directory account. | | ||
|
||
## Detailed Remediation Steps | ||
1. Log in to the Microsoft Azure Management Console. | ||
2. Find the search bar at the top and search for Azure Active Directory. </br> <img src="/resources/azure/activedirectory/ensure-no-guest-user/step2.png"/> | ||
3. Select the "Azure Active Directory" and on the left navigation panel, select the "Users" under "Manage".</br> <img src="/resources/azure/activedirectory/ensure-no-guest-user/step3.png"/> | ||
4. In the users list, look for users with "User type" as "Guest". If there are "Guest" type users then those users are not part of the onboarding/offboarding process and are considered a security vulnerability. Such accounts must be deleted.</br> <img src="/resources/azure/activedirectory/ensure-no-guest-user/step4.png"/> | ||
5. Select all Users with "User type" as "Guest" and click "Delete User" on the top right.</br> <img src="/resources/azure/activedirectory/ensure-no-guest-user/step5.png"/> | ||
6. Click OK in the confirmation popup.</br> <img src="/resources/azure/activedirectory/ensure-no-guest-user/step6.png"/> | ||
7. Repeat step number 3 to 6 for all other directories. |
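Review bot: Steps 4 and 5 tell the reader to select every user whose "User type" is "Guest" and delete them, and step 4 says such accounts "must be deleted", which contradicts the Recommended Action row ("Remove all guest users unless they are required to be members of the Active Directory account."). Suggest adding a step before the delete that checks each guest against the list of external users who are still required, and rewording step 5 so that only guests that are not required are deleted. The `</br>` tags on steps 2 to 6 are not valid HTML; `<br>` or `<br/>` is what was meant.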
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,26 @@ | ||
[](https://cloudsploit.com) | ||
|
||
# AZURE / Active Directory / Minimum Password Length | ||
|
||
## Quick Info | ||
|
||
| | | | ||
|-|-| | ||
| **Plugin Title** | Minimum Password Length | | ||
| **Cloud** | AZURE | | ||
| **Category** | Active Directory | | ||
| **Description** | Ensures that all Azure passwords require a minimum length | | ||
| **More Info** | Azure handles most password policy settings, including the minimum password length, defaulted to 8 characters. | | ||
| **AZURE Link** | https://docs.microsoft.com/en-us/azure/active-directory/authentication/concept-sspr-policy#password-policies-that-only-apply-to-cloud-user-accounts | | ||
| **Recommended Action** | No action necessary. Azure handles password requirement settings. | | ||
|
||
## Detailed Remediation Steps | ||
1. Log in to the Microsoft Azure Management Console. | ||
2. Find the search bar at the top and search for Azure Active Directory. </br> <img src="/resources/azure/activedirectory/minimum-password-length/step2.png"/> | ||
3. Select the "Azure Active Directory" and on the left navigation panel, select the "Users" under "Manage" .</br> <img src="/resources/azure/activedirectory/minimum-password-length/step3.png"/> | ||
4. On the "Users" tab click on the "New User" tab at the top.</br> <img src="/resources/azure/activedirectory/minimum-password-length/step4.png"/> | ||
5. On the "New User" page, select the option "Create user".</br> <img src="/resources/azure/activedirectory/minimum-password-length/step5.png"/> | ||
6. Under the "Identity", enter details like "Username","Name", "First Name","Last Name".</br> <img src="/resources/azure/activedirectory/minimum-password-length/step6.png"/> | ||
7. Under the "Password", select "Let me create the password". </br> <img src="/resources/azure/activedirectory/minimum-password-length/step7.png"/> | ||
8. In the "Initial password" textbox enter the password, and if it's less than eight characters, Azure will show this error "The value must have a length of at least 8".</br> <img src="/resources/azure/activedirectory/minimum-password-length/step8.png"/> | ||
9. Repeat the above steps to create New User with pre-defined "Minimum Password Length."</br> |
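Review bot: The Recommended Action row says "No action necessary", yet the section headed "Detailed Remediation Steps" walks through creating a user, and step 9 asks the reader to repeat that to "create New User". As written, a reader who enters a compliant password at step 8 and continues ends up with a real account in the directory. Suggest labelling these as verification steps, telling the reader to leave the "New User" page without creating the account once the "The value must have a length of at least 8" error has been seen, and dropping or rewording step 9.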
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,22 @@ | ||
[](https://cloudsploit.com) | ||
|
||
# AZURE / Active Directory / No Custom Owner Roles | ||
|
||
## Quick Info | ||
|
||
| | | | ||
|-|-| | ||
| **Plugin Title** | No Custom Owner Roles | | ||
| **Cloud** | AZURE | | ||
| **Category** | Active Directory | | ||
| **Description** | Ensures that no custom owner roles exist. | | ||
| **More Info** | Subscription owners should not include permissions to create custom owner roles. This follows the principle of least privilege. | | ||
| **AZURE Link** | https://docs.microsoft.com/en-us/azure/role-based-access-control/custom-roles | | ||
| **Recommended Action** | Remove roles that allow permissions to create custom owner roles. | | ||
|
||
## Detailed Remediation Steps | ||
|
||
|
||
|
||
|
||
|
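Review bot: "## Detailed Remediation Steps" is followed only by blank lines, so the guide ends without telling the reader how to carry out the Recommended Action ("Remove roles that allow permissions to create custom owner roles."). Suggest adding the steps for finding and removing such roles, or leaving the heading out until they exist, and trimming the trailing blank lines. The More Info sentence "Subscription owners should not include permissions to create custom owner roles" is also hard to parse; say plainly which role definitions the check flags.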
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,26 @@ | ||
[](https://cloudsploit.com) | ||
|
||
# AZURE / Active Directory / Password Requires Lowercase | ||
|
||
## Quick Info | ||
|
||
| | | | ||
|-|-| | ||
| **Plugin Title** | Password Requires Lowercase | | ||
| **Cloud** | AZURE | | ||
| **Category** | Active Directory | | ||
| **Description** | Ensures that all Azure passwords require lowercase characters | | ||
| **More Info** | Azure handles most password policy settings, including which character types are required. Azure requires 3 out of 4 of the following character types: lowercase, uppercase, special characters, and numbers. | | ||
| **AZURE Link** | https://docs.microsoft.com/en-us/azure/active-directory/authentication/concept-sspr-policy#password-policies-that-only-apply-to-cloud-user-accounts | | ||
| **Recommended Action** | No action necessary. Azure handles password requirement settings. | | ||
|
||
## Detailed Remediation Steps | ||
1. Log into the Microsoft Azure Management Console. | ||
2. Select the "Search resources, services, and docs" option at the top and search for Azure Active Directory. </br> <img src="/resources/azure/activedirectory/password-requires-lowercase/step2.png"/> | ||
3. Select the "Azure Active Directory". On the navigation panel, select the "Users" under Manage option. </br> <img src="/resources/azure/activedirectory/password-requires-lowercase/step3.png"/> | ||
4. On the "Users" tab click on the "New User" option at the top.</br> <img src="/resources/azure/activedirectory/password-requires-lowercase/step4.png"/> | ||
5. On the "New User" tab, click on the "Create user".</br> <img src="/resources/azure/activedirectory/password-requires-lowercase/step5.png"/> | ||
6. Under the "Identity", enter details like "Username","Name", "First Name","Last Name". Select the group if required and define the role for the user.</br> <img src="/resources/azure/activedirectory/password-requires-lowercase/step6.png"/> | ||
7. On the "Password" tab, click on the "Let me create the password". </br> <img src="/resources/azure/activedirectory/password-requires-lowercase/step7.png"/> | ||
8. On the "Initial Tab" enter the password, and if the password doesn't contain any lower case letter than the Azure will automatically show the error message when you will click on "Create" button at the bottom.</br> <img src="/resources/azure/activedirectory/password-requires-lowercase/step8.png"/> | ||
9. Repeat the above steps to create New User with pre-defined "Password Requires Lowercase".</br> |
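Review bot: Step 8 states that Azure shows an error whenever the password has no lowercase letter, but the More Info row in the same file says Azure requires 3 out of 4 character types, so a password made of uppercase letters, numbers and special characters would meet that rule with no lowercase letter at all. Suggest either specifying a test password that fails the 3-of-4 rule or rewording the Description and step 8 to match it. In the same step, "than the Azure" should read "then Azure", and "Initial Tab" does not match any control named in steps 6 and 7.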
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,27 @@ | ||
[](https://cloudsploit.com) | ||
|
||
# AZURE / Active Directory / Password Requires Numbers | ||
|
||
## Quick Info | ||
|
||
| | | | ||
|-|-| | ||
| **Plugin Title** | Password Requires Numbers | | ||
| **Cloud** | AZURE | | ||
| **Category** | Active Directory | | ||
| **Description** | Ensures that all Azure passwords require numbers | | ||
| **More Info** | Azure handles most password policy settings, including which character types are required. Azure requires 3 out of 4 of the following character types: lowercase, uppercase, special characters, and numbers. | | ||
| **AZURE Link** | https://docs.microsoft.com/en-us/azure/active-directory/authentication/concept-sspr-policy#password-policies-that-only-apply-to-cloud-user-accounts | | ||
| **Recommended Action** | No action necessary. Azure handles password requirement settings. | | ||
|
||
## Detailed Remediation Steps | ||
1. Log into the Microsoft Azure Management Console. | ||
2. Select the "Search resources, services, and docs" option at the top and search for Azure Active Directory. </br> <img src="/resources/azure/activedirectory/password-requires-numbers/step2.png"/> | ||
3. Select the "Azure Active Directory". On the navigation panel, select the "Users" under Manage option.</br> | ||
<img src="/resources/azure/activedirectory/password-requires-numbers/step3.png"/> | ||
4. On the "Users" tab click on the "New User" option at the top.</br> <img src="/resources/azure/activedirectory/password-requires-numbers/step4.png"/> | ||
5. On the "New User" tab, click on the "Create user".</br> <img src="/resources/azure/activedirectory/password-requires-numbers/step5.png"/> | ||
6. Under the "Identity", enter details like "Username","Name", "First Name","Last Name". Select the group if required and define the role for the user.</br> <img src="/resources/azure/activedirectory/password-requires-numbers/step6.png"/> | ||
7. On the "Password" tab, click on the "Let me create the password". </br> <img src="/resources/azure/activedirectory/password-requires-numbers/step7.png"/> | ||
8. On the "Initial Tab" enter the password, and if the password doesn't contain any "Number" than the Azure will automatically show the error message when you will click on "Create" button at the bottom.</br> <img src="/resources/azure/activedirectory/password-requires-numbers/step8.png"/> | ||
9. Repeat the above steps to create New User with pre-defined "Password Requires Numbers".</br> |
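Review bot: Step 8 never quotes the error message the reader should expect, so a policy rejection cannot be told apart from any other failure on "Create"; quote the exact text, as the minimum-password-length guide in this commit does. In the same step "than the Azure" should read "then Azure". Step 3 also breaks the line before its `<img>` tag, unlike steps 2 and 4 to 8; keep the image on the same line as the step text for consistency.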
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,28 @@ | ||
[](https://cloudsploit.com) | ||
|
||
# AZURE / Active Directory / Password Requires Symbols | ||
|
||
## Quick Info | ||
|
||
| | | | ||
|-|-| | ||
| **Plugin Title** | Password Requires Symbols | | ||
| **Cloud** | AZURE | | ||
| **Category** | Active Directory | | ||
| **Description** | Ensures that all Azure passwords require symbol characters | | ||
| **More Info** | Azure handles most password policy settings, including which character types are required. Azure requires 3 out of 4 of the following character types: lowercase, uppercase, special characters, and numbers. | | ||
| **AZURE Link** | https://docs.microsoft.com/en-us/azure/active-directory/authentication/concept-sspr-policy#password-policies-that-only-apply-to-cloud-user-accounts | | ||
| **Recommended Action** | No action necessary. Azure handles password requirement settings. | | ||
|
||
## Detailed Remediation Steps | ||
|
||
1. Log in to the Microsoft Azure Management Console. | ||
2. Find the search bar at the top and search for Azure Active Directory. </br> <img src="/resources/azure/activedirectory/password-requires-symbols/step2.png"/> | ||
3. Select the "Azure Active Directory" and on the left navigation panel, select the "Users" under "Manage".</br> <img src="/resources/azure/activedirectory/password-requires-symbols/step3.png"/> | ||
4. On the "Users" tab click on the "New User" option at the top.</br> <img src="/resources/azure/activedirectory/password-requires-symbols/step4.png"/> | ||
5. On the "New User" page, select "Create user".</br> <img src="/resources/azure/activedirectory/password-requires-symbols/step5.png"/> | ||
6. Under "Identity", enter details like "Username","Name", "First Name","Last Name".</br> <img src="/resources/azure/activedirectory/password-requires-symbols/step6.png"/> | ||
7. Under "Password", click on "Let me create the password". </br> <img src="/resources/azure/activedirectory/password-requires-symbols/step7.png"/> | ||
8. On the "Initial password" textbox enter the password, and if the password doesn't contain any "Symbols such as @, #", then the Azure will automatically show the error message "Unable to create user" when you will click "Create" button at the bottom.</br> <img src="/resources/azure/activedirectory/password-requires-symbols/step8.png"/> | ||
9. If you click on the information bubble next to "Initial password" you will find the password combinations you can make.</br> <img src="/resources/azure/activedirectory/password-requires-symbols/step9.png"/> | ||
10. Repeat the above steps to create New User with pre-defined "Password Requires Symbols".</br> |
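Review bot: Step 9 (the information bubble listing the allowed password combinations) comes after step 8, where the reader has already been asked to type a test password and click "Create"; move it ahead of step 8 so the reader can pick a password that actually fails the policy. The Description ("all Azure passwords require symbol characters") is also stronger than the More Info row, which says 3 out of 4 character types are required; align the two. Step 10 does not make clear what is being repeated or why.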
22 changes: 11 additions & 11 deletions
...re/entraID/password-requires-uppercase.md → ...edirectory/password-requires-uppercase.md
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -1,27 +1,27 @@ | ||
[](https://cloudsploit.com) | ||
|
||
# AZURE / Microsoft Entra ID / Password Requires Uppercase | ||
# AZURE / Active Directory / Password Requires Uppercase | ||
|
||
## Quick Info | ||
|
||
| | | | ||
|-|-| | ||
| **Plugin Title** | Password Requires Uppercase | | ||
| **Cloud** | AZURE | | ||
| **Category** | Microsoft Entra ID | | ||
| **Category** | Active Directory | | ||
| **Description** | Ensures that all Azure passwords require uppercase characters | | ||
| **More Info** | Azure handles most password policy settings, including which character types are required. Azure requires 3 out of 4 of the following character types: lowercase, uppercase, special characters, and numbers. | | ||
| **AZURE Link** | https://learn.microsoft.com/en-us/entra/identity/authentication/concept-sspr-policy#password-policies-that-only-apply-to-cloud-user-accounts | | ||
| **AZURE Link** | https://docs.microsoft.com/en-us/azure/active-directory/authentication/concept-sspr-policy#password-policies-that-only-apply-to-cloud-user-accounts | | ||
| **Recommended Action** | No action necessary. Azure handles password requirement settings. | | ||
|
||
## Detailed Remediation Steps | ||
|
||
1. Log into the Microsoft Azure Management Console. | ||
2. Select the "Search resources, services, and docs" option at the top and search for Microsoft Entra ID. | ||
3. Select "Microsoft Entra ID". On the navigation panel, select "Users" under the Manage section. | ||
4. On the "Users" tab click on the "New User" option at the top. | ||
5. On the "New User" tab, click on the "Create user". | ||
6. Under the "Identity", enter details like "Username","Name", "First Name","Last Name". Select the group if required and define the role for the user. | ||
7. On the "Password" tab, click on the "Let me create the password". | ||
8. On the "Initial Tab" enter the password, and if the password doesn't contain any "Symbols such as @, #", then the Azure will automatically show the error message. | ||
9. Repeat the above steps to create New User with pre-defined "Password Requires Uppercase". | ||
2. Select the "Search resources, services, and docs" option at the top and search for Azure Active Directory. </br> <img src="/resources/azure/activedirectory/password-requires-uppercase/step2.png"/> | ||
3. Select the "Azure Active Directory", on the navigation panel, select the "Users" under Manage option.</br><img src="/resources/azure/activedirectory/password-requires-uppercase/step3.png"/> | ||
4. On the "Users" tab click on the "New User" option at the top.</br> <img src="/resources/azure/activedirectory/password-requires-uppercase/step4.png"/> | ||
5. On the "New User" tab, click on the "Create user".</br> <img src="/resources/azure/activedirectory/password-requires-uppercase/step5.png"/> | ||
6. Under the "Identity", enter details like "Username","Name", "First Name","Last Name". Select the group if required and define the role for the user.</br> <img src="/resources/azure/activedirectory/password-requires-uppercase/step6.png"/> | ||
7. On the "Password" tab, click on the "Let me create the password". </br> <img src="/resources/azure/activedirectory/password-requires-uppercase/step7.png"/> | ||
8. On the "Initial Tab" enter the password, and if the password doesn't contain any "Symbols such as @, #", then the Azure will automatically show the error message.</br> <img src="/resources/azure/activedirectory/password-requires-uppercase/step8.png"/> | ||
9. Repeat the above steps to create New User with pre-defined "Password Requires Uppercase".</br> |
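Review bot: Step 8 of this uppercase guide tests for "Symbols such as @, #" in both the removed and the added version; it reads as copied from the symbols guide and should describe a password with no uppercase letter. Since the line is being rewritten here anyway, correct it in this change. The revert also swaps the learn.microsoft.com link and the "Microsoft Entra ID" labels back to docs.microsoft.com and "Azure Active Directory", and the commit message gives no reason; state why the older names and URL are wanted.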