rules/findings/EntraID/Groups/CIS3.1/eid-dynamic-group-for-guest-users-not-present.json

{
  "args": [
     
  ],
  "provider": "EntraID",
  "serviceType": "Groups",
  "serviceName": "Microsoft Entra ID",
  "displayName": "Ensure a dynamic group for guest users is created",
  "description": "A dynamic group is a dynamic configuration of security group membership for Microsoft Entra ID. Administrators can set rules to populate groups that are created in Entra ID based on user attributes (such as userType, department, or country/region). Members can be automatically added to or removed from a security group based on their attributes. The recommended state is to create a dynamic group that includes guest accounts.",
  "rationale": "Dynamic groups provide an automated way to assign group membership. Guest user accounts are added to this group automatically, so existing conditional access rules, access controls and other security measures that target the group restrict new guest accounts in the same manner as existing guest accounts. The group enforces nothing by itself; it is effective only when those policies are scoped to it.",
  "impact": null,
  "remediation": {
    "text": "",
    "code": {
      "powerShell": null,
      "iac": null,
      "terraform": null,
      "other": null
    }
  },
  "recommendation": null,
  "references": [
    "https://learn.microsoft.com/en-us/azure/active-directory/enterprise-users/groups-create-rule",
    "https://learn.microsoft.com/en-us/azure/active-directory/enterprise-users/groups-dynamic-membership",
    "https://learn.microsoft.com/en-us/azure/active-directory/external-identities/use-dynamic-groups"
  ],
  "compliance": [
    {
      "name": "CIS Microsoft 365 Foundations Benchmark",
      "version": "3.1.0",
      "reference": "5.1.3.1",
      "profile": "E3 Level 1"
    }
  ],
  "level": "low",
  "tags": [
  ],
  "rule": {
    "path": "",
    "subPath": null,
    "selectCondition": {
       
    },
    "query": [
    ],
    "shouldExist": "true",
    "returnObject": null,
    "removeIfNotExists": null
  },
  "output": {
    "html": {
      "data": {
        "expandObject": null
      },
      "table": "Normal",
      "decorate": [
         
      ],
      "emphasis": [
         
      ],
      "actions": {
        "objectData": {
          "properties": [
          ],
          "expandObject": null,
          "limit": null
        },
        "showGoToButton": "True",
        "showModalButton": "True",
        "directLink": null
      }
    },
    "text": {
      "data": {
        "properties": {
           
        },
        "expandObject": null
      },
      "status": {
        "keyName": [
           
        ],
        "message": "Ensure a dynamic group for guest users is created",
        "defaultMessage": null
      },
      "properties": {
        "resourceName": null,
        "resourceId": null,
        "resourceType": null
      },
      "onlyStatus": false
    }
  },
  "idSuffix": "eid_dynamic_group_for_guests_not_enabled",
  "notes": [
     
  ],
  "categories": [
     
  ]
}