Skip to content

Commit 6b83615

Browse files
add test markdown
1 parent 24bdde2 commit 6b83615

1 file changed

Lines changed: 17 additions & 0 deletions

File tree

  • PowerShell/ScubaGear/baselines

PowerShell/ScubaGear/baselines/aad.md

Lines changed: 17 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -179,6 +179,23 @@ Sign-ins detected as high risk SHALL be blocked.
179179
- [T1078: Valid Accounts](https://attack.mitre.org/techniques/T1078/)
180180
- [T1078.004: Cloud Accounts](https://attack.mitre.org/techniques/T1078/004/)
181181

182+
#### MS.AAD.2.4v1
183+
Test policy SHALL display in ScubaBaselines.json.
184+
185+
[![BOD 25-01 Requirement](https://img.shields.io/badge/BOD_25--01_Requirement-C41230)](https://www.cisa.gov/news-events/directives/bod-25-01-implementation-guidance-implementing-secure-practices-cloud-services)
186+
[![Automated Check](https://img.shields.io/badge/Automated_Check-5E9732)](#key-terminology)
187+
[![Configurable](https://img.shields.io/badge/Configurable-005288)](../../../docs/configuration/configuration.md#conditional-access-policy-exclusions)
188+
189+
<!--Policy: MS.AAD.2.3v1; Criticality: SHALL -->
190+
<!--ExclusionType: CapExclusions-->
191+
- _Rationale:_ This prevents compromised accounts from accessing the tenant.
192+
- _Last modified:_ June 2023
193+
- _NIST SP 800-53 Rev. 5 FedRAMP High Baseline Mapping:_ AC-2(12), AC-2(13)
194+
- _MITRE ATT&CK TTP Mapping:_
195+
- [T1078: Valid Accounts](https://attack.mitre.org/techniques/T1078/)
196+
- [T1078.004: Cloud Accounts](https://attack.mitre.org/techniques/T1078/004/)
197+
- [T1078.004: Cloud Accounts 123](https://attack.mitre.org/techniques/T1078/004/)
198+
182199
### Resources
183200

184201
- [What are risk detections?](https://learn.microsoft.com/en-us/entra/id-protection/concept-identity-protection-risks)

0 commit comments

Comments
 (0)