File tree Expand file tree Collapse file tree
PowerShell/ScubaGear/baselines Expand file tree Collapse file tree Original file line number Diff line number Diff line change @@ -179,6 +179,23 @@ Sign-ins detected as high risk SHALL be blocked.
179179 - [ T1078: Valid Accounts] ( https://attack.mitre.org/techniques/T1078/ )
180180 - [ T1078.004: Cloud Accounts] ( https://attack.mitre.org/techniques/T1078/004/ )
181181
182+ #### MS.AAD.2.4v1
183+ Test policy SHALL display in ScubaBaselines.json.
184+
185+ [ ![ BOD 25-01 Requirement] ( https://img.shields.io/badge/BOD_25--01_Requirement-C41230 )] ( https://www.cisa.gov/news-events/directives/bod-25-01-implementation-guidance-implementing-secure-practices-cloud-services )
186+ [ ![ Automated Check] ( https://img.shields.io/badge/Automated_Check-5E9732 )] ( #key-terminology )
187+ [ ![ Configurable] ( https://img.shields.io/badge/Configurable-005288 )] ( ../../../docs/configuration/configuration.md#conditional-access-policy-exclusions )
188+
189+ <!-- Policy: MS.AAD.2.3v1; Criticality: SHALL -->
190+ <!-- ExclusionType: CapExclusions-->
191+ - _ Rationale:_ This prevents compromised accounts from accessing the tenant.
192+ - _ Last modified:_ June 2023
193+ - _ NIST SP 800-53 Rev. 5 FedRAMP High Baseline Mapping:_ AC-2(12), AC-2(13)
194+ - _ MITRE ATT&CK TTP Mapping:_
195+ - [ T1078: Valid Accounts] ( https://attack.mitre.org/techniques/T1078/ )
196+ - [ T1078.004: Cloud Accounts] ( https://attack.mitre.org/techniques/T1078/004/ )
197+ - [ T1078.004: Cloud Accounts 123] ( https://attack.mitre.org/techniques/T1078/004/ )
198+
182199### Resources
183200
184201- [ What are risk detections?] ( https://learn.microsoft.com/en-us/entra/id-protection/concept-identity-protection-risks )
You can’t perform that action at this time.
0 commit comments