Support for 30 day guardrails #58

Closed
KingBain opened this issue Nov 10, 2021 · 6 comments

KingBain commented Nov 10, 2021

Was wondering if anyone had looked at converting the cloud guardrails for cloud profile 3 into the custom policies in this repo.

I know some of the documentation for controls has been uploaded here
https://github.com/canada-ca/cloud-guardrails-azure

and here

https://github.com/canada-ca/cloud-guardrails

@obrien-j
Contributor

Thanks for the bump John, this is definitely on our roadmap. Happy to take community PRs though if others are interested in pitching in!

@SenthuranSivananthan SenthuranSivananthan added documentation Improvements or additions to documentation enhancement New feature or request good first issue Good for newcomers regulatory compliance labels Nov 11, 2021
@KingBain
Author

KingBain commented Nov 24, 2021

I need a bit of help with how you would do this. IMO, not a good first issue :)

I have a bit of code that enabled the conditional access MFA of guardrail 1.

See

```powershell
# Requires the AzureAD module and a session opened with Connect-AzureAD.
# Scope the policy to the Azure Management application.
$conditions = New-Object -TypeName Microsoft.Open.MSGraph.Model.ConditionalAccessConditionSet
$conditions.Applications = New-Object -TypeName Microsoft.Open.MSGraph.Model.ConditionalAccessApplicationCondition
$conditions.Applications.IncludeApplications = "797f4846-ba00-4fd7-ba43-dac1f8f63013" # Azure Management Application

# Apply to all users, excluding the break-glass group.
$conditions.Users = New-Object -TypeName Microsoft.Open.MSGraph.Model.ConditionalAccessUserCondition
$conditions.Users.IncludeUsers = "all"
$conditions.Users.ExcludeGroups = "" # Exclude BreakGlass Group ID

# Grant access only when MFA is satisfied.
$controls = New-Object -TypeName Microsoft.Open.MSGraph.Model.ConditionalAccessGrantControls
$controls._Operator = "OR"
$controls.BuiltInControls = "mfa"

New-AzureADMSConditionalAccessPolicy -DisplayName "Guard Rail 1  - Enable MFA" -State "enabled" -Conditions $conditions -GrantControls $controls
```

Unsure of how to actually shim a PowerShell script into the directory structure you have here and then how to create the appropriate pipeline.
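A hardened variant of the snippet in the comment above, as an added example that is not code from this thread or repository: it refuses to run without an existing, non-empty break-glass group, creates the policy in report-only mode unless `-Enforce` is passed, and updates a policy of the same name instead of creating a duplicate. The function name and parameter names are assumptions; it uses the same AzureAD module as the comment and assumes a session opened with `Connect-AzureAD`.

```powershell
#Requires -Modules AzureAD
# Added example, not code from this repository. Assumes an existing Connect-AzureAD session.
function Set-GuardrailMfaPolicy {
    [CmdletBinding(SupportsShouldProcess)]
    param(
        # Object ID of the break-glass group to exclude (hypothetical parameter name).
        [Parameter(Mandatory)][guid]$BreakGlassGroupId,
        [string]$DisplayName = 'Guard Rail 1  - Enable MFA',
        # Without -Enforce the policy is written in report-only mode.
        [switch]$Enforce
    )

    # Fail early if the exclusion group does not exist or has no members.
    $group = Get-AzureADMSGroup -Id $BreakGlassGroupId.ToString() -ErrorAction Stop
    if (-not (Get-AzureADGroupMember -ObjectId $group.Id -Top 1)) {
        throw "Break-glass group '$($group.DisplayName)' has no members."
    }

    # Same conditions as the snippet in the comment, with the exclusion filled in.
    $conditions = New-Object -TypeName Microsoft.Open.MSGraph.Model.ConditionalAccessConditionSet
    $conditions.Applications = New-Object -TypeName Microsoft.Open.MSGraph.Model.ConditionalAccessApplicationCondition
    $conditions.Applications.IncludeApplications = '797f4846-ba00-4fd7-ba43-dac1f8f63013' # Azure Management
    $conditions.Users = New-Object -TypeName Microsoft.Open.MSGraph.Model.ConditionalAccessUserCondition
    $conditions.Users.IncludeUsers = 'all'
    $conditions.Users.ExcludeGroups = $group.Id

    $controls = New-Object -TypeName Microsoft.Open.MSGraph.Model.ConditionalAccessGrantControls
    $controls._Operator = 'OR'
    $controls.BuiltInControls = 'mfa'

    # Report-only lets sign-in logs show who would be blocked before enforcement.
    $state = if ($Enforce) { 'enabled' } else { 'enabledForReportingButNotEnforced' }
    $policyArgs = @{ DisplayName = $DisplayName; State = $state; Conditions = $conditions; GrantControls = $controls }

    # Update in place when a policy with this name exists, so reruns do not create duplicates.
    $existing = Get-AzureADMSConditionalAccessPolicy | Where-Object DisplayName -eq $DisplayName | Select-Object -First 1
    if ($existing) {
        if ($PSCmdlet.ShouldProcess($DisplayName, "Update policy to state '$state'")) {
            Set-AzureADMSConditionalAccessPolicy -PolicyId $existing.Id @policyArgs
        }
    } elseif ($PSCmdlet.ShouldProcess($DisplayName, "Create policy in state '$state'")) {
        New-AzureADMSConditionalAccessPolicy @policyArgs
    }
}
```

Running it with `-WhatIf` validates the break-glass group and reports the planned create or update without changing the tenant.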

@igomaa
Contributor

igomaa commented Jan 30, 2022

> Was wondering if anyone had looked at converting the cloud guardrails for cloud profile 3 into the custom policies in this repo.
>
> I know some of the documentation for controls has been uploaded here https://github.com/canada-ca/cloud-guardrails-azure
>
> and here
>
> https://github.com/canada-ca/cloud-guardrails

Hello @KingBain,
I just saw your comments. FastTrack for Azure has a solution accelerator for Guardrails audit and mitigation; please let me know if you are interested.

@KingBain
Author

KingBain commented Jan 31, 2022

> I just saw your comments, Fasttrack for Azure have a solution accelerator for Guardrails audit and mitigation, please let me know if you are interested.

Hey @igomaa I am very interested in this.

I was working to codify some of the 30 day rails where possible, but was running into challenges where configuring certain aspects of Azure wasn't possible, like managing the private marketplace.

@jeffbarnes709

Hi @igomaa and @KingBain - certainly interested as well, especially in relation to applying Policy Initiatives to Azure resources.

@SenthuranSivananthan
Contributor

Closed via #226 and #229
