Skip to main content

πŸ’Ό User Account Management

  • Contextual name: πŸ’Ό User Account Management
  • ID: /frameworks/cloudaware/identity-and-access-governance/user-account-management
  • Located in: πŸ’Ό Identity & Access Governance

Description​

Policies for identifying excessive or improperly configured user accounts.

Similar​

Sub Sections​

SectionSub SectionsInternal RulesPoliciesFlags

Policies (17)​

PolicyLogic CountFlags
πŸ“ AWS CloudTrail Root Account Usage Monitoring is not enabled 🟒🟒 x3
πŸ“ AWS IAM User has inline or directly attached policies 🟒1🟠 x1, 🟒 x5
πŸ“ AWS IAM User is not managed centrally in multi-account environments 🟒🟒 x3
πŸ“ Microsoft Entra ID Admin accounts are not used for daily operations 🟒🟒 x3
πŸ“ Microsoft Entra ID Guest Invite Settings is not set to Only Users Assigned To Specific Admin Roles Can Invite Guest Users 🟒1🟒 x6
πŸ“ Microsoft Entra ID Guest Users are not reviewed on a regular basis 🟒🟒 x3
πŸ“ Microsoft Entra ID Guest Users restricted to their own directory objects 🟒1🟒 x6
πŸ“ Microsoft Entra ID Owners Can Manage Group Membership Requests In The Access Panel is set to Yes 🟒🟒 x3
πŸ“ Microsoft Entra ID Restrict User Ability To Access Groups Features In The Access Pane is set to No 🟒🟒 x3
πŸ“ Microsoft Entra ID User Consent For Applications is not set to Allow From Verified Publishers 🟒🟒 x3
πŸ“ Microsoft Entra ID User Consent For Applications is not set to Do Not Allow User Consent 🟒🟒 x3
πŸ“ Microsoft Entra ID User Settings Restrict Access To Microsoft Entra Admin Center is set to No 🟒🟒 x3
πŸ“ Microsoft Entra ID Users Can Create Microsoft 365 Groups In Azure Portals, API Or PowerShell is set to Yes 🟒🟒 x3
πŸ“ Microsoft Entra ID Users Can Create Security Groups In Azure Portals, API Or PowerShell is set to Yes 🟒🟒 x3
πŸ“ Microsoft Entra ID Users Can Register Applications is set to Yes 🟒1🟒 x6
πŸ“ Snowflake User Default Role is ACCOUNTADMIN 🟒1🟒 x6
πŸ“ Snowflake User Default Role is not set 🟒1🟒 x6