fix(m365): correct metadata for unknown device blocked check

- Set ResourceType to NotDefined (no individual resource assessed)
- Replace broken AdditionalURLs with canonical Microsoft Learn links
- Clear RelatedTo (referenced check does not exist)
Hugo P.Brito
2026-04-08 12:38:01 +01:00
parent 85195096be
commit 505ff94166


@@ -7,14 +7,14 @@
"SubServiceName": "",
"ResourceIdTemplate": "",
"Severity": "medium",
"ResourceType": "Conditional Access Policy",
"ResourceType": "NotDefined",
"ResourceGroup": "IAM",
"Description": "Conditional Access policy that includes **all device platforms** and excludes the five known platforms (`android`, `iOS`, `windows`, `macOS`, `linux`) with a **block** grant control prevents sign-ins from unrecognized or unsupported devices.",
"Risk": "Without blocking unknown device platforms, attackers can sign in from **unmanaged or spoofed devices** that bypass compliance and security controls.\n\nThis increases the risk of **unauthorized access** and makes it harder to enforce device-based security policies.",
"RelatedUrl": "",
"AdditionalURLs": [
"https://learn.microsoft.com/en-us/entra/identity/conditional-access/concept-condition-device-platforms",
"https://learn.microsoft.com/en-us/entra/identity/conditional-access/howto-policy-unknown-unsupported-device"
"https://learn.microsoft.com/en-us/entra/identity/conditional-access/concept-conditional-access-conditions",
"https://learn.microsoft.com/en-us/entra/identity/conditional-access/policy-all-users-device-unknown-unsupported"
],
"Remediation": {
"Code": {
@@ -32,8 +32,6 @@
"identity-access"
],
"DependsOn": [],
"RelatedTo": [
"entra_managed_device_required_for_authentication"
],
"RelatedTo": [],
"Notes": "Device platform detection relies on user agent strings, which can be spoofed. This policy should be paired with device compliance policies for stronger security."
}
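Review bot: The `"Risk"` text in the first hunk still claims this policy prevents sign-ins from `**unmanaged or spoofed devices**`, which contradicts the `"Notes"` field in the second hunk that correctly warns platform detection is user-agent based and spoofable; a client that presents a Windows or iOS user agent passes straight through the exclusion, so the control only catches clients that do not claim one of the excluded platforms. I would reword it to `"Without blocking unknown device platforms, attackers can sign in from **unmanaged or unrecognized device platforms** that bypass device-based controls.\n\n..."` so the metadata does not overstate what the check verifies, and keep the spoofing caveat where it is. Separately, now that `"RelatedTo": []` is empty, the device-compliance pairing recommended in Notes has no machine-readable link; if a check covering compliant/managed-device requirements does exist under another ID, referencing it there would be more useful than an empty array, though I cannot confirm the correct ID from this diff.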