feat(microsoft365): add new check entra_policy_ensure_default_user_cannot_create_tenants #6918

HugoPBrito

Context

In Microsoft Entra ID, non-administrative users can create new tenants, which results in them becoming the Global Administrator of that tenant. This can lead to shadow IT, where unauthorized environments are created without proper security controls, making it difficult for IT teams to manage and secure data.

Description

This check ensures that non-admin users are restricted from creating new tenants in Microsoft Entra ID. By setting this restriction to "Yes", organizations can prevent uncontrolled tenant creation, ensuring that all new tenants are properly managed and secured under IT governance.

Checklist

API

  • Verify if API specs need to be regenerated.
  • Check if version updates are required (e.g., specs, Poetry, etc.).
  • Ensure new entries are added to CHANGELOG.md, if applicable.

License

By submitting this pull request, I confirm that my contribution is made under the terms of the Apache 2.0 license.
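
The logic the description above implies, as an added example that is not part of this pull request and is not Prowler's own code: it evaluates the JSON that Microsoft Graph returns for `GET /policies/authorizationPolicy` and fails closed when the setting is absent. Assumptions: the portal setting maps to `defaultUserRolePermissions.allowedToCreateTenants`, a collection-style response wrapped in a `value` list may also occur, the function names are hypothetical, and the sample responses are constructed.

```python
"""Added example: evaluate the Entra ID authorization policy for tenant creation."""
import json

# Constructed sample responses for GET /policies/authorizationPolicy.
# SAMPLE_SINGLE is the single-object shape; SAMPLE_LIST is an assumed
# collection-style shape that wraps the policy in a "value" list.
SAMPLE_SINGLE = json.dumps({
    "id": "authorizationPolicy",
    "defaultUserRolePermissions": {
        "allowedToCreateApps": False,
        "allowedToCreateTenants": True,
    },
})
SAMPLE_LIST = json.dumps({
    "value": [{
        "id": "authorizationPolicy",
        "defaultUserRolePermissions": {"allowedToCreateTenants": False},
    }]
})
SAMPLE_MISSING = json.dumps({"id": "authorizationPolicy"})


def extract_policy(body: str) -> dict:
    """Return the policy object from either response shape."""
    doc = json.loads(body)
    if isinstance(doc.get("value"), list):
        return doc["value"][0] if doc["value"] else {}
    return doc


def check_tenant_creation(body: str) -> dict:
    """Hypothetical check: PASS only when the setting is explicitly False."""
    policy = extract_policy(body)
    perms = policy.get("defaultUserRolePermissions") or {}
    allowed = perms.get("allowedToCreateTenants")
    if allowed is False:
        status, detail = "PASS", "Non-admin users cannot create tenants."
    elif allowed is True:
        status, detail = "FAIL", "Non-admin users can create tenants."
    else:
        # Fail closed: an absent or null value is not evidence of restriction.
        status, detail = "FAIL", "Setting not returned; treat as unrestricted."
    return {"resource": policy.get("id", "unknown"), "status": status, "detail": detail}


if __name__ == "__main__":
    for name, body in [("single", SAMPLE_SINGLE), ("list", SAMPLE_LIST), ("missing", SAMPLE_MISSING)]:
        print(name, check_tenant_creation(body))
```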

@HugoPBrito HugoPBrito requested review from a team as code owners February 13, 2025 11:52

codecov bot commented Feb 13, 2025

Codecov Report

All modified and coverable lines are covered by tests ✅

Project coverage is 88.71%. Comparing base (337a46c) to head (2856a19).
Report is 11 commits behind head on master.

Additional details and impacted files
@@            Coverage Diff             @@
##           master    #6918      +/-   ##
==========================================
+ Coverage   88.64%   88.71%   +0.06%     
==========================================
  Files        1200     1201       +1     
  Lines       34652    34847     +195     
==========================================
+ Hits        30718    30914     +196     
+ Misses       3934     3933       -1     
Flag Coverage Δ
prowler 88.71% <100.00%> (+0.06%) ⬆️

Flags with carried forward coverage won't be shown. Click here to find out more.

Components Coverage Δ
prowler 88.71% <100.00%> (+0.06%) ⬆️
api ∅ <ø> (∅)

@HugoPBrito HugoPBrito added need information no-merge Please, DO NOT MERGE this PR. and removed need information labels Feb 19, 2025
@HugoPBrito

Do not merge this PR until changes from #6952 are applied to this check

@HugoPBrito HugoPBrito removed the no-merge Please, DO NOT MERGE this PR. label Feb 24, 2025
@MrCloudSec MrCloudSec left a comment

👏🏼 👏🏼 👏🏼

@MrCloudSec MrCloudSec merged commit 0f414e4 into master Feb 27, 2025
12 checks passed
@MrCloudSec MrCloudSec deleted the PRWLR-5767-ensure-restrict-non-admin-users-from-creating-tenants-is-set-to-yes branch February 27, 2025 09:31
cesararroba pushed a commit that referenced this pull request Mar 3, 2025