Framework/Configurations/SVT/AAD/AAD.Group.json
{ "FeatureName": "Group", "Reference": "aka.ms/azsktcp/group", "IsMaintenanceMode": false, "Controls": [ { "ControlID": "AAD_Group_Use_Security_Enabled", "Description": "All AAD groups must be security enabled (TBD)", "Id": "Group110", "ControlSeverity": "High", "Automated": "Yes", "MethodName": "CheckGroupsIsSecurityEnabled", "Rationale": "TBD. Need to discuss/review this further.", "Recommendation": "Refer: TODO", "Tags": [ "SDL", "TCP", "Manual", "AuthZ", "RBAC" ], "Enabled": true }, { "ControlID": "AAD_Group_Require_FTE_Owner", "Description": "Group must have at least one non-guest (native) owner", "Id": "Group120", "ControlSeverity": "Medium", "Automated": "Yes", "MethodName": "CheckGroupHasNonGuestOwner", "Rationale": "Guest users in a tenant can be transient, so a group owned only by guests can end up with no accountable owner. Ensuring that at least one FTE (non-guest) owner is accountable for managing the group, approving/reviewing membership, etc. leads to better governance.", "Recommendation": "Refer: TODO", "Tags": [ "SDL", "TCP", "Manual", "AuthZ", "RBAC" ], "Enabled": true } ] }