Skip to main content

💼 General Access Controls

  • ID: /frameworks/cloudaware/identity-and-access-governance/general-access-controls

Description

Policies that define baseline access permissions, tenant/org guardrails, and privileged defaults.

Similar

Sub Sections

SectionSub SectionsInternal RulesPoliciesFlagsCompliance

Policies (18)

PolicyLogic CountFlagsCompliance
🛡️ AWS CloudTrail IAM Policy Changes Monitoring is not enabled🟢⚪🟢 x2, ⚪ x1no data
🛡️ AWS IAM AWSCloudShellFullAccess Policy is attached🟢1🟢 x6no data
🛡️ AWS IAM Policy allows full administrative privileges🟢1🟢 x6no data
🛡️ Azure Subscription Leaving Microsoft Entra ID Directory and Subscription Entering Microsoft Entra ID Directory is not set to Permit No One🟢⚪🟢 x2, ⚪ x1no data
🛡️ Microsoft Entra ID Conditional Access By Location is not defined🟢⚪🟢 x2, ⚪ x1no data
🛡️ Microsoft Entra ID Default User Role can create tenants🟢1🟢 x6no data
🛡️ Microsoft Entra ID Device Code Authentication Flow is not restricted🟢⚪🟢 x2, ⚪ x1no data
🛡️ Microsoft Entra ID Guest Invite Settings is not set to Only Users Assigned To Specific Admin Roles Can Invite Guest Users🟢1🟢 x6no data
🛡️ Microsoft Entra ID Named Locations are not defined🟢⚪🟢 x2, ⚪ x1no data
🛡️ Microsoft Entra ID Restrict User Ability To Access Groups Features In The Access Pane is set to No🟢⚪🟢 x2, ⚪ x1no data
🛡️ Microsoft Entra ID Security Defaults are not enabled🟢1🟢 x6no data
🛡️ Microsoft Entra ID Token Protection Conditional Access policy is not selected🟢⚪🟢 x2, ⚪ x1no data
🛡️ Microsoft Entra ID User Consent For Applications is not set to Allow From Verified Publishers🟢⚪🟢 x2, ⚪ x1no data
🛡️ Microsoft Entra ID User Consent For Applications is not set to Do Not Allow User Consent🟢⚪🟢 x2, ⚪ x1no data
🛡️ Microsoft Entra ID User Settings Restrict Access To Microsoft Entra Admin Center is set to No🟢⚪🟢 x2, ⚪ x1no data
🛡️ Microsoft Entra ID Users Can Create Microsoft 365 Groups In Azure Portals, API Or PowerShell is set to Yes🟢⚪🟢 x2, ⚪ x1no data
🛡️ Microsoft Entra ID Users Can Create Security Groups In Azure Portals, API Or PowerShell is set to Yes🟢⚪🟢 x2, ⚪ x1no data
🛡️ Microsoft Entra ID Users Can Register Applications is set to Yes🟢1🟢 x6no data