id: azure-vm-entra-id-unenabled info: name: Azure VM Microsoft Entra ID Authentication Not Enabled author: princechaddha severity: medium description: | Ensure that your Microsoft Azure virtual machines (VMs) are configured to use Microsoft Entra ID credentials for secure SSH/RDP access. Once enabled, you can use your corporate Microsoft Entra ID credentials to log in to your virtual machines, enforce Multi-Factor Authentication (MFA), or enable access via RBAC roles. impact: | Not configuring VMs with Microsoft Entra ID authentication could expose them to unauthorized access and security breaches. remediation: | Ensure the Microsoft Entra ID authentication extensions, "AADLoginForWindows" or "AADLoginForLinux", are installed and enabled on your Azure VMs for secure access management. reference: - https://docs.microsoft.com/en-us/azure/active-directory/develop/ tags: cloud,devops,azure,microsoft,entra-id,azure-cloud-config flow: | code(1); for (let VmData of iterate(template.vmList)) { VmData = JSON.parse(VmData); set("name", VmData.name); set("resourceGroup", VmData.resourceGroup); code(2); } self-contained: true code: - engine: - sh - bash source: | az vm list --output json --query '[*].{"name":name,"resourceGroup":resourceGroup}' extractors: - type: json name: vmList internal: true json: - '.[]' - engine: - sh - bash source: | az vm extension list --vm-name "$name" --resource-group "$resourceGroup" --query '[*].name' matchers-condition: and matchers: - type: word words: - 'AADLoginForWindows' - 'AADLoginForLinux' extractors: - type: dsl dsl: - 'name + " in " + resourceGroup + " does not have Microsoft Entra ID authentication enabled"' # digest: 4a0a004730450220714ddec54aa140cd1453cfc6ca97b9f8cb1a3b428a3edd6c88bda765fc1b9505022100936688180ce6e967caa55b02cc116f2337356de6d215c3a89e78b58434dec9ed:922c64590222798bb761d5b6d8e72950