From 505ff94166f1ab80655ff6c18a418bda9b59c54a Mon Sep 17 00:00:00 2001
From: "Hugo P.Brito"
Date: Wed, 8 Apr 2026 12:38:01 +0100
Subject: [PATCH] fix(m365): correct metadata for unknown device blocked check

- Set ResourceType to NotDefined (no individual resource assessed)
- Replace broken AdditionalURLs with canonical Microsoft Learn links
- Clear RelatedTo (referenced check does not exist)
---
 ..._access_policy_unknown_device_blocked.metadata.json | 10 ++++------
 1 file changed, 4 insertions(+), 6 deletions(-)

diff --git a/prowler/providers/m365/services/entra/entra_conditional_access_policy_unknown_device_blocked/entra_conditional_access_policy_unknown_device_blocked.metadata.json b/prowler/providers/m365/services/entra/entra_conditional_access_policy_unknown_device_blocked/entra_conditional_access_policy_unknown_device_blocked.metadata.json
index 7dc314355e..7c5266e230 100644
--- a/prowler/providers/m365/services/entra/entra_conditional_access_policy_unknown_device_blocked/entra_conditional_access_policy_unknown_device_blocked.metadata.json
+++ b/prowler/providers/m365/services/entra/entra_conditional_access_policy_unknown_device_blocked/entra_conditional_access_policy_unknown_device_blocked.metadata.json
@@ -7,14 +7,14 @@
 "SubServiceName": "",
 "ResourceIdTemplate": "",
 "Severity": "medium",
- "ResourceType": "Conditional Access Policy",
+ "ResourceType": "NotDefined",
 "ResourceGroup": "IAM",
 "Description": "Conditional Access policy that includes **all device platforms** and excludes the five known platforms (`android`, `iOS`, `windows`, `macOS`, `linux`) with a **block** grant control prevents sign-ins from unrecognized or unsupported devices.",
 "Risk": "Without blocking unknown device platforms, attackers can sign in from **unmanaged or spoofed devices** that bypass compliance and security controls.\n\nThis increases the risk of **unauthorized access** and makes it harder to enforce device-based security policies.",
 "RelatedUrl": "",
 "AdditionalURLs": [
- "https://learn.microsoft.com/en-us/entra/identity/conditional-access/concept-condition-device-platforms",
- "https://learn.microsoft.com/en-us/entra/identity/conditional-access/howto-policy-unknown-unsupported-device"
+ "https://learn.microsoft.com/en-us/entra/identity/conditional-access/concept-conditional-access-conditions",
+ "https://learn.microsoft.com/en-us/entra/identity/conditional-access/policy-all-users-device-unknown-unsupported"
 ],
 "Remediation": {
 "Code": {
@@ -32,8 +32,6 @@
 "identity-access"
 ],
 "DependsOn": [],
- "RelatedTo": [
- "entra_managed_device_required_for_authentication"
- ],
+ "RelatedTo": [],
 "Notes": "Device platform detection relies on user agent strings, which can be spoofed. This policy should be paired with device compliance policies for stronger security."
 }
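Review bot: The `Risk` text in the first hunk says the policy stops sign-ins from "unmanaged or spoofed devices", which is broader than what the check can establish. Per the `Description`, the policy only matches sign-ins whose platform is none of the five known ones, and the `Notes` field in the second hunk says platform detection relies on user agent strings. A client that reports a known platform is untouched by this policy, so I would narrow the first sentence to something like `Without blocking unknown device platforms, sign-ins from clients reporting an **unrecognized or unsupported platform** are not stopped by this control and may fall outside policies scoped to specific platforms.` The metadata object starts before this hunk and continues after it.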
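Review bot: With `RelatedTo` emptied in the second hunk, nothing in the metadata points to a control covering the gap that the `Notes` line describes. If the provider already ships a check for a Conditional Access policy that requires a compliant device, list it in `RelatedTo` instead of leaving the array empty. If no such check exists yet, make the limitation explicit by appending to `Notes`: `A PASS on this check does not show that sign-ins come from managed or compliant devices.` The object closes inside this hunk but starts outside it.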