Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Update AAD MS.AAD.3.2v1 to be dependent on MS.AAD.3.1v1 #409

Closed
2 tasks
tkol2022 opened this issue Jul 3, 2023 · 1 comment · Fixed by #441
Closed
2 tasks

Update AAD MS.AAD.3.2v1 to be dependent on MS.AAD.3.1v1 #409

tkol2022 opened this issue Jul 3, 2023 · 1 comment · Fixed by #441
Assignees
@crutchfield
Labels
enhancement This issue or pull request will add new or improve existing functionality
Milestone
Emerald

Comments

@tkol2022
Copy link
Collaborator

tkol2022 commented Jul 3, 2023
edited by crutchfield
Loading

💡 Summary

Update the Rego code for MS.AAD.3.2v1 If Phishing-resistant MFA has not been enforced yet, then an alternative MFA method SHALL be enforced for all users to be dependent on MS.AAD.3.1v1 Phishing-resistant MFA SHALL be enforced for all users.

  • If policy MS.AAD.3.1v1 Passes, then this policy MS.AAD.3.2v1 will automatically Pass. See the way the OneDrive expiration date for Anyone links is dependent on a different setting for an example.
  • If policy MS.AAD.3.1v1 Fails, then the existing Rego code for MS.AAD.3.2v1 should be applied to evaluate the policy (i.e. checking for a conditional access policy that requires MFA but does not dictate the specific type of MFA). See the instructions section as a reference for the conditional access policy template but again this code already exists in the Rego.

dependsOn #433

Acceptance criteria

How do we know when this work is done?

  • Test the code for all possible value combinations of MS.AAD.3.1v1 and MS.AAD.3.2v1 to ensure that the report produces an accurate Pass or Fail
  • Test in all tenants
@tkol2022 tkol2022 added the enhancement This issue or pull request will add new or improve existing functionality label Jul 3, 2023
@tkol2022 tkol2022 added this to the Emerald milestone Jul 3, 2023
@crutchfield crutchfield self-assigned this Jul 11, 2023
@crutchfield crutchfield mentioned this issue Jul 17, 2023
Merged
10 tasks
@crutchfield
Copy link
Contributor

Closed with #441

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees

@crutchfield crutchfield

Labels
enhancement This issue or pull request will add new or improve existing functionality
Projects
None yet
Milestone
Emerald
2 participants
@crutchfield @tkol2022