Azure secure score admin MFA

SenservaPro_CL
| where ControlName_s == 'AzureSecureScoreAdminMFAV2'

status: Available
queryFrequency: 6h
id: 9a15c3dd-f72b-49a4-bcb7-94406395661e
tactics:
- Impact
entityMappings:
- fieldMappings:
  - columnName: ControlName_s
    identifier: Name
  - columnName: TenantId
    identifier: AadTenantId
  - columnName: TenantDisplayName_s
    identifier: DisplayName
  entityType: Account
- fieldMappings:
  - columnName: Group_s
    identifier: DistinguishedName
  entityType: SecurityGroup
- fieldMappings:
  - columnName: SourceSystem
    identifier: ResourceId
  entityType: AzureResource
requiredDataConnectors:
- connectorId: SenservaPro
  dataTypes:
  - SenservaPro_CL
OriginalUri: https://github.com/Azure/Azure-Sentinel/blob/master/Solutions/SenservaPro/Analytic Rules/AdminMFA.yaml
version: 1.0.1
query: |
  SenservaPro_CL
  | where ControlName_s == 'AzureSecureScoreAdminMFAV2'  
description: |
    'This query searches for requiring multi-factor authentication (MFA) for all administrative roles makes it harder for attackers to access accounts. Administrative roles have higher permissions than typical users. If any of those accounts are compromised, critical devices and data is open to attack.'
relevantTechniques:
- T1529
- T1498
triggerThreshold: 0
queryPeriod: 6h
triggerOperator: gt
name: Azure secure score admin MFA
severity: High
kind: Scheduled