MT.1005 Exclude Workload ID policies
Workload ID CA policies target service principals rather than users, so they cannot carry an exclusion for emergency access accounts.
MT.1005 will need to automatically exclude Workload ID policies from this check.
See this thread for discussion https://discord.com/channels/1125617152368594976/1228042312202850415
@Cloud-Architekt or @merill, can you provide me with the JSON structure of a Workload ID policy? I will update the function to not consider those.
Sorry I missed this one.
Here's a sample Workload ID CA policy.
{
"id": "7e322e13-109c-453d-91ab-3af5e58eafef",
"templateId": null,
"displayName": "RO - Workload ID Block on risk, report-only",
"createdDateTime": "2022-03-02T07:18:06.2592397Z",
"modifiedDateTime": "2023-03-02T04:54:57.4324121Z",
"state": "enabledForReportingButNotEnforced",
"partialEnablementStrategy": null,
"sessionControls": null,
"conditions": {
"userRiskLevels": [],
"signInRiskLevels": [],
"clientAppTypes": [
"all"
],
"servicePrincipalRiskLevels": [
"high",
"medium"
],
"platforms": null,
"locations": null,
"times": null,
"deviceStates": null,
"devices": null,
"applications": {
"includeApplications": [
"All"
],
"excludeApplications": [],
"includeUserActions": [],
"includeAuthenticationContextClassReferences": [],
"applicationFilter": null
},
"users": {
"includeUsers": [
"None"
],
"excludeUsers": [],
"includeGroups": [],
"excludeGroups": [],
"includeRoles": [],
"excludeRoles": [],
"includeGuestsOrExternalUsers": null,
"excludeGuestsOrExternalUsers": null
},
"clientApplications": {
"includeServicePrincipals": [
"ServicePrincipalsInMyTenant"
],
"excludeServicePrincipals": []
}
},
"grantControls": {
"operator": "OR",
"builtInControls": [
"block"
],
"customAuthenticationFactors": [],
"termsOfUse": [],
"authenticationStrength@odata.context": "https://graph.microsoft.com/beta/$metadata#policies/conditionalAccessPolicies('7e322e13-109c-453d-91ab-3af5e58eafef')/grantControls/authenticationStrength/$entity",
"authenticationStrength": null
}
}