fix: entraid resources

mohamadch91 · mohamadch91 · commit 7a7f4143e87c · 2025-01-31T22:28:49.000+03:30
diff --git a/compliance/controls/azure/azure_ad_guest_user_reviewed_monthly.yaml b/compliance/controls/azure/azure_ad_guest_user_reviewed_monthly.yaml
@@ -4,6 +4,7 @@ type: control
 description: Guest users allow you to share your company's applications and services with users from any other organization, while maintaining control over your own corporate data. Guest users should be review on a monthly basis to ensure that inactive and unneeded accounts are removed.
 integration_type:
 - azure_subscription
+- entraid_directory
 parameters: []
 policy:
   language: sql
diff --git a/compliance/controls/azure/azure_cis_v130_1_3.yaml b/compliance/controls/azure/azure_cis_v130_1_3.yaml
@@ -4,6 +4,7 @@ type: control
 description: Guest users allow you to share your company's applications and services with users from any other organization, while maintaining control over your own corporate data. Guest users should be review on a monthly basis to ensure that inactive and unneeded accounts are removed.
 integration_type:
 - azure_subscription
+- entraid_directory
 parameters: []
 policy:
   language: sql
diff --git a/compliance/controls/azure/azure_cis_v140_1_3.yaml b/compliance/controls/azure/azure_cis_v140_1_3.yaml
@@ -4,6 +4,7 @@ type: control
 description: Guest users allow you to share your company's applications and services with users from any other organization, while maintaining control over your own corporate data. Guest users should be review on a monthly basis to ensure that inactive and unneeded accounts are removed.
 integration_type:
 - azure_subscription
+- entraid_directory
 parameters: []
 policy:
   language: sql
diff --git a/compliance/controls/azure/azure_cis_v150_1_14.yaml b/compliance/controls/azure/azure_cis_v150_1_14.yaml
@@ -4,6 +4,7 @@ type: control
 description: Require administrators or appropriately delegated users to register third-party applications.
 integration_type:
 - azure_subscription
+- entraid_directory
 parameters: []
 policy:
   language: sql
diff --git a/compliance/controls/azure/azure_cis_v150_1_19.yaml b/compliance/controls/azure/azure_cis_v150_1_19.yaml
@@ -4,6 +4,7 @@ type: control
 description: Restrict security group creation to administrators only.
 integration_type:
 - azure_subscription
+- entraid_directory
 parameters: []
 policy:
   language: sql
diff --git a/compliance/controls/azure/azure_cis_v150_1_2_6.yaml b/compliance/controls/azure/azure_cis_v150_1_2_6.yaml
@@ -4,6 +4,7 @@ type: control
 description: For designated users, they will be prompted to use their multi-factor authentication(MFA) process on logins.
 integration_type:
 - azure_subscription
+- entraid_directory
 parameters: []
 policy:
   language: sql
diff --git a/compliance/controls/azure/azure_cis_v150_1_4.yaml b/compliance/controls/azure/azure_cis_v150_1_4.yaml
@@ -4,6 +4,7 @@ type: control
 description: Azure AD is extended to include Azure AD B2B collaboration, allowing you to invite people from outside your organization to be guest users in your cloud account and sign in with their own work, school, or social identities. Guest users allow you to share your company's applications and services with users from any other organization, while maintaining control over your own corporate data. Work with external partners, large or small, even if they don't have Azure AD or an IT department. A simple invitation and redemption process lets partners use their own credentials to access your company's resources as a guest user. Guest users in every subscription should be reviewed on a regular basis to ensure that inactive and unneeded accounts are removed.
 integration_type:
 - azure_subscription
+- entraid_directory
 parameters: []
 policy:
   language: sql
diff --git a/compliance/controls/azure/azure_cis_v200_1_14.yaml b/compliance/controls/azure/azure_cis_v200_1_14.yaml
@@ -4,6 +4,7 @@ type: control
 description: Require administrators or appropriately delegated users to register third-party applications.
 integration_type:
 - azure_subscription
+- entraid_directory
 parameters: []
 policy:
   language: sql
diff --git a/compliance/controls/azure/azure_cis_v200_1_19.yaml b/compliance/controls/azure/azure_cis_v200_1_19.yaml
@@ -4,6 +4,7 @@ type: control
 description: Restrict security group creation to administrators only.
 integration_type:
 - azure_subscription
+- entraid_directory
 parameters: []
 policy:
   language: sql
diff --git a/compliance/controls/azure/azure_cis_v200_1_2_6.yaml b/compliance/controls/azure/azure_cis_v200_1_2_6.yaml
@@ -4,6 +4,7 @@ type: control
 description: For designated users, they will be prompted to use their multi-factor authentication (MFA) process on logins.
 integration_type:
 - azure_subscription
+- entraid_directory
 parameters: []
 policy:
   language: sql
diff --git a/compliance/controls/azure/azure_cis_v200_1_5.yaml b/compliance/controls/azure/azure_cis_v200_1_5.yaml
@@ -4,6 +4,7 @@ type: control
 description: Azure AD is extended to include Azure AD B2B collaboration, allowing you to invite people from outside your organization to be guest users in your cloud account and sign in with their own work, school, or social identities. Guest users allow you to share your company's applications and services with users from any other organization, while maintaining control over your own corporate data. Work with external partners, large or small, even if they don't have Azure AD or an IT department. A simple invitation and redemption process lets partners use their own credentials to access your company's resources as a guest user. Guest users in every subscription should be review on a regular basis to ensure that inactive and unneeded accounts are removed.
 integration_type:
 - azure_subscription
+- entraid_directory
 parameters: []
 policy:
   language: sql
diff --git a/compliance/controls/azure/azure_iam_conditional_access_mfa_enabled.yaml b/compliance/controls/azure/azure_iam_conditional_access_mfa_enabled.yaml
@@ -4,6 +4,7 @@ type: control
 description: For designated users, they will be prompted to use their multi-factor authentication (MFA) process on logins.
 integration_type:
 - azure_subscription
+- entraid_directory
 parameters: []
 policy:
   language: sql
diff --git a/compliance/controls/azure/azure_iam_deprecated_account.yaml b/compliance/controls/azure/azure_iam_deprecated_account.yaml
@@ -4,6 +4,7 @@ type: control
 description: Deprecated accounts should be removed from your subscriptions. Deprecated accounts are accounts that have been blocked from signing in.
 integration_type:
 - azure_subscription
+- entraid_directory
 parameters: []
 policy:
   language: sql
diff --git a/compliance/controls/azure/azure_iam_deprecated_account_with_owner_roles.yaml b/compliance/controls/azure/azure_iam_deprecated_account_with_owner_roles.yaml
@@ -4,6 +4,7 @@ type: control
 description: Deprecated accounts with owner permissions should be removed from your subscription. Deprecated accounts are accounts that have been blocked from signing in.
 integration_type:
 - azure_subscription
+- entraid_directory
 parameters: []
 policy:
   language: sql
diff --git a/compliance/controls/azure/azure_iam_external_user_with_owner_role.yaml b/compliance/controls/azure/azure_iam_external_user_with_owner_role.yaml
@@ -4,6 +4,7 @@ type: control
 description: External accounts with owner permissions should be removed from your subscription in order to prevent unmonitored access.
 integration_type:
 - azure_subscription
+- entraid_directory
 parameters: []
 policy:
   language: sql
diff --git a/compliance/controls/azure/azure_iam_external_user_with_read_permission.yaml b/compliance/controls/azure/azure_iam_external_user_with_read_permission.yaml
@@ -4,6 +4,7 @@ type: control
 description: External accounts with read privileges should be removed from your subscription in order to prevent unmonitored access.
 integration_type:
 - azure_subscription
+- entraid_directory
 parameters: []
 policy:
   language: sql
diff --git a/compliance/controls/azure/azure_iam_external_user_with_write_permission.yaml b/compliance/controls/azure/azure_iam_external_user_with_write_permission.yaml
@@ -4,6 +4,7 @@ type: control
 description: External accounts with write privileges should be removed from your subscription in order to prevent unmonitored access.
 integration_type:
 - azure_subscription
+- entraid_directory
 parameters: []
 policy:
   language: sql
diff --git a/compliance/controls/azure/azure_iam_user_no_built_in_contributor_role.yaml b/compliance/controls/azure/azure_iam_user_no_built_in_contributor_role.yaml
@@ -4,6 +4,7 @@ type: control
 description: Ensure that IAM user does not have built in contributor role. This rule is non-compliant if IAM user have built in contributor role.
 integration_type:
 - azure_subscription
+- entraid_directory
 parameters: []
 policy:
   language: sql
diff --git a/compliance/controls/azure/azure_iam_user_not_allowed_to_create_security_group.yaml b/compliance/controls/azure/azure_iam_user_not_allowed_to_create_security_group.yaml
@@ -4,6 +4,7 @@ type: control
 description: Restrict security group creation to administrators only.
 integration_type:
 - azure_subscription
+- entraid_directory
 parameters: []
 policy:
   language: sql
diff --git a/compliance/controls/azure/azure_iam_user_not_allowed_to_create_tenants.yaml b/compliance/controls/azure/azure_iam_user_not_allowed_to_create_tenants.yaml
@@ -4,6 +4,7 @@ type: control
 description: Restrict tenant creation to administrators only.
 integration_type:
 - azure_subscription
+- entraid_directory
 parameters: []
 policy:
   language: sql
diff --git a/compliance/controls/azure/azure_iam_user_not_allowed_to_register_application.yaml b/compliance/controls/azure/azure_iam_user_not_allowed_to_register_application.yaml
@@ -4,6 +4,7 @@ type: control
 description: Require administrators or appropriately delegated users to register third-party applications.
 integration_type:
 - azure_subscription
+- entraid_directory
 parameters: []
 policy:
   language: sql
diff --git a/compliance/controls/azure/azuread_spn_with_more_than_one_active_client_secret_created_x_days_ago.yaml b/compliance/controls/azure/azuread_spn_with_more_than_one_active_client_secret_created_x_days_ago.yaml
@@ -4,6 +4,7 @@ type: control
 description: SPNs in AzureAD should not have more than one active Client Secret created X days ago
 integration_type:
 - azure_subscription
+- entraid_directory
 parameters:
 - key: entraidClientSecretExpireDays
   value: ""
