
feat(microsoft365): add new check entra_admin_users_sign_in_frequency_enabled #7020

Open · wants to merge 17 commits into master

Conversation

HugoPBrito
Member

Context

In Microsoft Entra ID, authentication sessions for administrative users must be carefully managed to reduce security risks. Persistent browser sessions and long reauthentication intervals can increase the risk of unauthorized access, especially if an administrator's session remains active on a compromised or shared device.

Conditional Access policies allow organizations to enforce stricter authentication requirements for high-privileged users, ensuring security best practices are followed.

Description

This check ensures that Sign-in frequency is enabled and that browser sessions are not persistent for administrative users in Microsoft Entra ID. Organizations should enforce periodic reauthentication to no more than 4 hours for tenants.

Additionally, the Persistent browser session setting should be configured to Never persistent to prevent session cookies from being stored, reducing the risk of session hijacking. Implementing these policies helps minimize attack surfaces by requiring administrators to authenticate frequently and preventing session persistence across browsing sessions.

Checklist

API

  • Verify if API specs need to be regenerated.
  • Check if version updates are required (e.g., specs, Poetry, etc.).
  • Ensure new entries are added to CHANGELOG.md, if applicable.

License

By submitting this pull request, I confirm that my contribution is made under the terms of the Apache 2.0 license.
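As an added illustration of the evaluation logic the description above calls for (this is example code, not Prowler's own check and not code from this PR), the Python below walks a list of Conditional Access policies and reports whether at least one enabled policy targets the administrative roles with sign-in frequency enabled, a reauthentication interval of no more than 4 hours, and the persistent browser session set to never. The policy dictionaries are constructed here and modelled on the Microsoft Graph conditionalAccessPolicy shape (state, conditions.users, sessionControls.signInFrequency, sessionControls.persistentBrowser); the role IDs are placeholders, and the helper names are this example's own. It goes one step beyond "is sign-in frequency enabled" by also comparing the configured interval against the 4-hour ceiling from the description.

```python
from typing import Optional, Tuple

# Ceiling from the PR description: administrators reauthenticate at least every 4 hours.
MAX_SIGN_IN_FREQUENCY_MINUTES = 4 * 60

# Constructed placeholder role template IDs standing in for administrative
# directory roles; they are not real Entra ID role template IDs.
ADMIN_ROLE_IDS = {
    "placeholder-global-administrator-role-id",
    "placeholder-privileged-role-administrator-role-id",
}


def sign_in_frequency_minutes(freq: dict) -> Optional[int]:
    """Normalise a signInFrequency block to minutes; None if disabled or malformed."""
    if not freq.get("isEnabled"):
        return None
    value, unit = freq.get("value"), freq.get("type")
    if not isinstance(value, int) or value <= 0:
        return None
    if unit == "hours":
        return value * 60
    if unit == "days":
        return value * 24 * 60
    return None  # unknown unit: treat as not enforced rather than guessing


def policy_targets_admins(policy: dict, admin_roles: set) -> bool:
    """True if the policy's user scope reaches every admin role and excludes none."""
    users = policy.get("conditions", {}).get("users", {})
    if admin_roles & set(users.get("excludeRoles", [])):
        return False
    if "All" in users.get("includeUsers", []):
        return True
    return admin_roles <= set(users.get("includeRoles", []))


def evaluate_policy(policy: dict, admin_roles: set = ADMIN_ROLE_IDS,
                    max_minutes: int = MAX_SIGN_IN_FREQUENCY_MINUTES) -> Tuple[bool, str]:
    """Return (passes, reason) for a single Conditional Access policy."""
    if policy.get("state") != "enabled":
        return False, "policy is not enabled"
    if not policy_targets_admins(policy, admin_roles):
        return False, "policy does not cover all administrative roles"
    session = policy.get("sessionControls") or {}
    minutes = sign_in_frequency_minutes(session.get("signInFrequency") or {})
    if minutes is None:
        return False, "sign-in frequency is not enabled"
    if minutes > max_minutes:
        return False, f"sign-in frequency of {minutes} min exceeds {max_minutes} min"
    browser = session.get("persistentBrowser") or {}
    if not (browser.get("isEnabled") and browser.get("mode") == "never"):
        return False, "persistent browser session is not set to never"
    return True, "compliant"


def admin_session_controls_enforced(policies, admin_roles=ADMIN_ROLE_IDS) -> bool:
    """Tenant verdict: PASS if at least one enabled policy satisfies every test."""
    return any(evaluate_policy(p, admin_roles)[0] for p in policies)


def _policy(name, state, users, sign_in, browser):
    """Build a constructed sample policy in the Graph-like shape used above."""
    return {
        "displayName": name,
        "state": state,
        "conditions": {"users": users},
        "sessionControls": {"signInFrequency": sign_in, "persistentBrowser": browser},
    }


# Constructed sample tenant: one compliant policy and three near misses.
SAMPLE_POLICIES = [
    _policy("Admins: 4h reauth, no persistence", "enabled",
            {"includeRoles": sorted(ADMIN_ROLE_IDS)},
            {"isEnabled": True, "value": 4, "type": "hours"},
            {"isEnabled": True, "mode": "never"}),
    _policy("Admins: 24h reauth", "enabled",
            {"includeRoles": sorted(ADMIN_ROLE_IDS)},
            {"isEnabled": True, "value": 1, "type": "days"},
            {"isEnabled": True, "mode": "never"}),
    _policy("Everyone: persistent browser allowed", "enabled",
            {"includeUsers": ["All"]},
            {"isEnabled": True, "value": 4, "type": "hours"},
            {"isEnabled": True, "mode": "always"}),
    _policy("Admins: report-only", "enabledForReportingButNotEnforced",
            {"includeRoles": sorted(ADMIN_ROLE_IDS)},
            {"isEnabled": True, "value": 4, "type": "hours"},
            {"isEnabled": True, "mode": "never"}),
]

if __name__ == "__main__":
    for p in SAMPLE_POLICIES:
        ok, why = evaluate_policy(p)
        print(f"{'PASS' if ok else 'FAIL'}  {p['displayName']}: {why}")
    print("tenant:", "PASS" if admin_session_controls_enforced(SAMPLE_POLICIES) else "FAIL")
```

The per-policy reason string is what a finding's status_extended would carry: a report-only policy, an excluded admin role, or a 24-hour interval each fail for a distinct, stated cause rather than collapsing into one generic FAIL.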

@HugoPBrito HugoPBrito requested review from a team as code owners February 24, 2025 15:27

codecov bot commented Feb 24, 2025

Codecov Report

Attention: Patch coverage is 95.18072% with 4 lines in your changes missing coverage. Please review.

Project coverage is 88.68%. Comparing base (c5e9767) to head (3be0ed3).
Report is 1 commits behind head on master.

@@            Coverage Diff             @@
##           master    #7020      +/-   ##
==========================================
- Coverage   88.70%   88.68%   -0.02%     
==========================================
  Files        1200     1201       +1     
  Lines       34832    34915      +83     
==========================================
+ Hits        30897    30966      +69     
- Misses       3935     3949      +14     
Flag        Coverage Δ
prowler     88.68% <95.18%> (-0.02%) ⬇️

Flags with carried forward coverage won't be shown.

Components  Coverage Δ
prowler     88.68% <95.18%> (-0.02%) ⬇️
api         ∅ <ø> (∅)

report = CheckReportMicrosoft365(
metadata=self.metadata(),
resource=entra_client.conditional_access_policies,
Member


Suggested change
resource=entra_client.conditional_access_policies,
resource={},

We cannot pass a dict as a resource.

):
report = CheckReportMicrosoft365(
metadata=self.metadata(),
resource=entra_client.conditional_access_policies,
Member


Suggested change
resource=entra_client.conditional_access_policies,
resource=policy,

Same here, we cannot pass the entire dictionary as a resource.

"ResourceIdTemplate": "",
"Severity": "high",
"ResourceType": "",
"Description": "Ensure Sign-in frequency periodic reauthentication does not exceed 4 hours for E3 tenants, or 24 hours for E5 tenants using Privileged Identity Management.",
Member


We are not checking the period of the sign-in frequency, only if it is enabled. Check if it is necessary to check the period, please.
