
Commit 9cadf1f

AkhtarAmirAkhtarAmir
authored andcommitted
update active directory to entra id
1 parent 172e3fc commit 9cadf1f

14 files changed

+32
-32
lines changed

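--- a/docs/azure.md
+++ b/docs/azure.md
@@ -1,7 +1,7 @@
 # CloudSploit For Microsoft Azure
 
 ## Cloud Provider Configuration
-1. Log into your Azure Portal and navigate to the Azure Active Directory service.
+1. Log into your Azure Portal and navigate to the Azure Entra ID service.
 1. Select App registrations and then click on New registration.
 1. Enter "CloudSploit" and/or a descriptive name in the Name field, take note of it, it will be used again in step 3.
 1. Leave the "Supported account types" default: "Accounts in this organizational directory only (YOURDIRECTORYNAME)".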

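--- a/exports.js
+++ b/exports.js
@@ -1039,14 +1039,14 @@ module.exports = {
 'endpointLoggingEnabled' : require(__dirname + '/plugins/azure/cdnprofiles/endpointLoggingEnabled.js'),
 'detectInsecureCustomOrigin' : require(__dirname + '/plugins/azure/cdnprofiles/detectInsecureCustomOrigin.js'),
 
-'passwordRequiresLowercase' : require(__dirname + '/plugins/azure/activedirectory/passwordRequiresLowercase.js'),
-'passwordRequiresNumbers' : require(__dirname + '/plugins/azure/activedirectory/passwordRequiresNumbers.js'),
-'passwordRequiresSymbols' : require(__dirname + '/plugins/azure/activedirectory/passwordRequiresSymbols.js'),
-'passwordRequiresUppercase' : require(__dirname + '/plugins/azure/activedirectory/passwordRequiresUppercase.js'),
-'minPasswordLength' : require(__dirname + '/plugins/azure/activedirectory/minPasswordLength.js'),
-'ensureNoGuestUser' : require(__dirname + '/plugins/azure/activedirectory/ensureNoGuestUser.js'),
-'noCustomOwnerRoles' : require(__dirname + '/plugins/azure/activedirectory/noCustomOwnerRoles.js'),
-'appOrgnaizationalDirectoryAccess' : require(__dirname + '/plugins/azure/activedirectory/appOrgnaizationalDirectoryAccess.js'),
+'passwordRequiresLowercase' : require(__dirname + '/plugins/azure/entraid/passwordRequiresLowercase.js'),
+'passwordRequiresNumbers' : require(__dirname + '/plugins/azure/entraid/passwordRequiresNumbers.js'),
+'passwordRequiresSymbols' : require(__dirname + '/plugins/azure/entraid/passwordRequiresSymbols.js'),
+'passwordRequiresUppercase' : require(__dirname + '/plugins/azure/entraid/passwordRequiresUppercase.js'),
+'minPasswordLength' : require(__dirname + '/plugins/azure/entraid/minPasswordLength.js'),
+'ensureNoGuestUser' : require(__dirname + '/plugins/azure/entraid/ensureNoGuestUser.js'),
+'noCustomOwnerRoles' : require(__dirname + '/plugins/azure/entraid/noCustomOwnerRoles.js'),
+'appOrgnaizationalDirectoryAccess' : require(__dirname + '/plugins/azure/entraid/appOrgnaizationalDirectoryAccess.js'),
 
 'dbAuditingEnabled' : require(__dirname + '/plugins/azure/sqldatabases/dbAuditingEnabled.js'),
 'dbDataMaskingEnabled' : require(__dirname + '/plugins/azure/sqldatabases/dbDataMaskingEnabled.js'),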

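--- a/helpers/azure/api.js
+++ b/helpers/azure/api.js
@@ -260,21 +260,21 @@ var serviceMap = {
 BridgeCollectionService: 'wafpolicies', DataIdentifier: 'data',
 }
 ],
-'Active Directory': [
+'Entra ID': [
 {
 enabled: true, isSingleSource: true, InvAsset: 'activeDirectory', InvService: 'activeDirectory',
 InvResourceCategory: 'cloud_resources', InvResourceType: 'Roles', BridgeServiceName: 'roledefinitions',
-BridgePluginCategoryName: 'Active Directory', BridgeProvider: 'Azure', BridgeCall: 'list',
+BridgePluginCategoryName: 'Entra ID', BridgeProvider: 'Azure', BridgeCall: 'list',
 BridgeArnIdentifier: '', BridgeIdTemplate: '', BridgeResourceType: 'roleDefinitions',
-BridgeResourceNameIdentifier: 'name', BridgeExecutionService: 'Active Directory',
+BridgeResourceNameIdentifier: 'name', BridgeExecutionService: 'Entra ID',
 BridgeCollectionService: 'roledefinitions', DataIdentifier: 'data',
 },
 {
 enabled: true, isSingleSource: true, InvAsset: 'activeDirectory', InvService: 'activeDirectory',
 InvResourceCategory: 'cloud_resources', InvResourceType: 'Application', BridgeServiceName: 'applications',
-BridgePluginCategoryName: 'Active Directory', BridgeProvider: 'Azure', BridgeCall: 'list',
+BridgePluginCategoryName: 'Entra ID', BridgeProvider: 'Azure', BridgeCall: 'list',
 BridgeArnIdentifier: '', BridgeIdTemplate: '', BridgeResourceType: '',
-BridgeResourceNameIdentifier: 'name', BridgeExecutionService: 'Active Directory',
+BridgeResourceNameIdentifier: 'name', BridgeExecutionService: 'Entra ID',
 BridgeCollectionService: 'applications', DataIdentifier: 'data',
 }
 ]
@@ -486,7 +486,7 @@ var calls = {
 list: {
 url: 'https://management.azure.com/subscriptions/{subscriptionId}/providers/Microsoft.Authorization/roleDefinitions?api-version=2015-07-01'
 },
-sendIntegration: serviceMap['Active Directory'][0]
+sendIntegration: serviceMap['Entra ID'][0]
 },
 managementLocks: {
 listAtSubscriptionLevel: {
@@ -519,7 +519,7 @@ var calls = {
 url: 'https://graph.microsoft.com/v1.0/applications/',
 graph: true,
 },
-sendIntegration: serviceMap['Active Directory'][1]
+sendIntegration: serviceMap['Entra ID'][1]
 },
 automationAccounts: {
 list: {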
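Review bot: The two entries under `'Entra ID'` in `serviceMap` (first hunk, lines 265–277) now set `BridgePluginCategoryName` and `BridgeExecutionService` to `'Entra ID'` while `InvAsset` and `InvService` on the same records stay `'activeDirectory'`, so one record carries both names and nothing says which is the stable identifier. If the inventory keys are kept on purpose, a comment above the array such as `// InvAsset/InvService keep the legacy 'activeDirectory' id; only the category label was renamed` would make that explicit. The category string is also a lookup key: `serviceMap['Entra ID'][0]` and `[1]` in the two `calls` hunks were updated, but any `serviceMap['Active Directory']` reference left outside these hunks would evaluate to `undefined` and throw on the index when the module loads, and suppressions or compliance mappings that match on the old category would presumably stop matching without any error. A repository-wide search for the old string and a release note for users who filter on category are worth adding. Both `serviceMap` and `calls` start and end outside the hunks.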

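--- a/plugins/azure/activedirectory/appOrgnaizationalDirectoryAccess.js
+++ b/plugins/azure/entraid/appOrgnaizationalDirectoryAccess.js
@@ -3,12 +3,12 @@ const helpers = require('../../../helpers/azure');
 
 module.exports = {
 title: 'Azure AD App Organizational Directory Access',
-category: 'Active Directory',
+category: 'Entra ID',
 domain: 'Identity and Access Management',
 severity: 'Medium',
-description: 'Ensures that Azure Active Directory applications are accessible to accounts in organisational directory only.',
+description: 'Ensures that Azure Entra ID applications are accessible to accounts in organisational directory only.',
 more_info: 'AAD provides different types of account access. By using single-tenant authentication, the impact gets limited to the application’s tenant i.e. all users from the same tenant could connect to the application and save app from unauthorised access.',
-link: 'https://learn.microsoft.com/en-us/azure/active-directory/develop/single-and-multi-tenant-apps',
+link: 'https://learn.microsoft.com/en-us/entra/identity-platform/single-and-multi-tenant-apps',
 recommended_action: 'Modify the Azure app authentication setting and provide access to accounts in organisational directory only',
 apis: ['applications:list'],
 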
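Review bot: The new `description` on line 9 says "Azure Entra ID", but the product is named Microsoft Entra ID, and the unchanged `title` ('Azure AD App Organizational Directory Access') and `more_info` ('AAD provides …') still use the old name, so a single finding now shows three names for one service. Suggest `description: 'Ensures that Microsoft Entra ID applications are accessible to accounts in organisational directory only.'` and updating `title` and `more_info` in the same change; the same "Azure Entra ID" wording appears in step 1 of docs/azure.md. Before renaming `title`, check whether it is used as an identifier by suppressions or tests. The `module.exports` object continues past the end of the hunk.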

plugins/azure/activedirectory/appOrgnaizationalDirectoryAccess.spec.js renamed to plugins/azure/entraid/appOrgnaizationalDirectoryAccess.spec.js

File renamed without changes.

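--- a/plugins/azure/activedirectory/ensureNoGuestUser.js
+++ b/plugins/azure/entraid/ensureNoGuestUser.js
@@ -3,13 +3,13 @@ const helpers = require('../../../helpers/azure');
 
 module.exports = {
 title: 'Ensure No Guest User',
-category: 'Active Directory',
+category: 'Entra ID',
 domain: 'Identity and Access Management',
 severity: 'Medium',
 description: 'Ensures that there are no guest users in the subscription',
 more_info: 'Guest users are usually users that are invited from outside the company structure, these users are not part of the onboarding/offboarding process and could be overlooked, causing security vulnerabilities.',
-link: 'https://learn.microsoft.com/en-us/azure/active-directory/b2b/add-users-administrator',
-recommended_action: 'Remove all guest users unless they are required to be members of the Active Directory account.',
+link: 'https://learn.microsoft.com/en-us/entra/external-id/add-users-administrator',
+recommended_action: 'Remove all guest users unless they are required to be members of the Entra ID account.',
 apis: ['users:list'],
 
 run: function(cache, settings, callback) {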
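Review bot: The new `recommended_action` on line 12 refers to "the Entra ID account", but guest users belong to a tenant (directory), and the unchanged `description` on line 9 scopes the check to "the subscription", so the finding gives the reader two different scopes for where to look. Suggest `recommended_action: 'Remove all guest users unless they are required to be members of the Entra ID tenant.'`, and aligning the description with whatever `users:list` actually enumerates. The `module.exports` object and its `run` function continue outside the hunk.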
File renamed without changes.

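--- a/plugins/azure/activedirectory/minPasswordLength.js
+++ b/plugins/azure/entraid/minPasswordLength.js
@@ -3,12 +3,12 @@ const helpers = require('../../../helpers/azure');
 
 module.exports = {
 title: 'Minimum Password Length',
-category: 'Active Directory',
+category: 'Entra ID',
 domain: 'Identity and Access Management',
 severity: 'Low',
 description: 'Ensures that all Azure passwords require a minimum length',
 more_info: 'Azure handles most password policy settings, including the minimum password length, defaulted to 8 characters.',
-link: 'https://learn.microsoft.com/en-us/azure/active-directory/authentication/concept-sspr-policy#password-policies-that-only-apply-to-cloud-user-accounts',
+link: 'https://learn.microsoft.com/en-us/entra/identity/authentication/concept-sspr-policy#password-policies-that-only-apply-to-cloud-user-accounts',
 recommended_action: 'No action necessary. Azure handles password requirement settings.',
 apis: ['resources:list'],
 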

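--- a/plugins/azure/activedirectory/noCustomOwnerRoles.js
+++ b/plugins/azure/entraid/noCustomOwnerRoles.js
@@ -3,7 +3,7 @@ const helpers = require('../../../helpers/azure');
 
 module.exports = {
 title: 'No Custom Owner Roles',
-category: 'Active Directory',
+category: 'Entra ID',
 domain: 'Identity and Access Management',
 severity: 'Medium',
 description: 'Ensures that no custom owner roles exist.',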
File renamed without changes.
