Control types for @turbot/azure-activedirectory

• Azure > Active Directory > Application > CMDB
• Azure > Active Directory > Application > Discovery
• Azure > Active Directory > Client Secret > Active
• Azure > Active Directory > Client Secret > Approved
• Azure > Active Directory > Client Secret > CMDB
• Azure > Active Directory > Client Secret > Discovery
• Azure > Active Directory > Custom Domain > Approved
• Azure > Active Directory > Custom Domain > CMDB
• Azure > Active Directory > Custom Domain > Discovery
• Azure > Active Directory > Directory > CMDB
• Azure > Active Directory > Directory > Discovery
• Azure > Active Directory > Group > CMDB
• Azure > Active Directory > Group > Discovery
• Azure > Active Directory > Service Principal > CMDB
• Azure > Active Directory > Service Principal > Discovery
• Azure > Active Directory > User > Approved
• Azure > Active Directory > User > CMDB
• Azure > Active Directory > User > Discovery
• Azure > Turbot > Directory Event Poller

Azure > Active Directory > Application > CMDB

Record and synchronize details for the Azure Active Directory application into the CMDB.

The CMDB control is
responsible for populating and updating all the attributes for that
resource type in the Turbot CMDB.

Note: If CMDB is set to Skip for a resource, then it will not be added
to the CMDB, and no controls that target it will run.

Azure > Active Directory > Application > Discovery

Discover all Azure Active Directory application resources and add them to the CMDB.

The Discovery control is responsible for finding resources of a specific type. It periodically searches for new resources and saves them to the CMDB. Once discovered, resources are then responsible for tracking changes to themselves through the CMDB control.

Azure > Active Directory > Client Secret > Active

The Active control determines whether the resource is in active use. When running an automated compliance
environment, it's common to end up with a wide range of alarms that are difficult
and time consuming to clear. The Active control brings automated, well-defined
control to this process.

The Active control checks the status of all defined Active policies for the
resource (`Azure > Active Directory > Client Secret > Active > *`) and
raises an alarm. Each Active sub-policy can calculate a status of active, inactive or skipped. Generally,
if the resource appears to be Active for any reason it will be considered Active.

See [Active](https://turbot.com/v5/docs/concepts/guardrails/active) for more information.

Azure > Active Directory > Client Secret > Approved

Take an action when an Azure Active Directory client secret is not approved based on Azure > Active Directory > Client Secret > Approved > * policies.

The Approved control checks the status of the defined Approved sub-policies for the resource. If the resource is not approved according to any of these policies, this control raises an alarm.

See Approved for more information.

Azure > Active Directory > Client Secret > CMDB

Record and synchronize details for the Azure Active Directory client secret into the CMDB.

The CMDB control is
responsible for populating and updating all the attributes for that
resource type in the Turbot CMDB.

Note: If CMDB is set to Skip for a resource, then it will not be added
to the CMDB, and no controls that target it will run.

This control will automatically re-run every 24 hours because Azure does not currently support real-time events for this resource type.

Azure > Active Directory > Client Secret > Discovery

Discover all Azure Active Directory client secret resources and add them to the CMDB.

The Discovery control is responsible for finding resources of a specific type. It periodically searches for new resources and saves them to the CMDB. Once discovered, resources are then responsible for tracking changes to themselves through the CMDB control.

This control will automatically re-run every 24 hours because Azure does not currently support real-time events for this resource type.

Azure > Active Directory > Custom Domain > Approved

The Approved control checks the status of the defined Approved sub-policies for the resource. If the resource is not approved according to any of these policies, this control raises an alarm.

See [Approved](https://turbot.com/v5/docs/concepts/guardrails/approved) for more information.

Azure > Active Directory > Custom Domain > CMDB

Record and synchronize details for the Azure Active Directory custom domain into the CMDB.

The CMDB control is
responsible for populating and updating all the attributes for that
resource type in the Turbot CMDB.

Note: If CMDB is set to Skip for a resource, then it will not be added
to the CMDB, and no controls that target it will run.

This control will automatically re-run every 24 hours because Azure does not currently support real-time events for this resource type.

Azure > Active Directory > Custom Domain > Discovery

Discover all Azure Active Directory custom domain resources and add them to the CMDB.

The Discovery control is responsible for finding resources of a specific type. It periodically searches for new resources and saves them to the CMDB. Once discovered, resources are then responsible for tracking changes to themselves through the CMDB control.

This control will automatically re-run every 24 hours because Azure does not currently support real-time events for this resource type.

Azure > Active Directory > Directory > CMDB

Record and synchronize details for the Azure active directory user into the CMDB.

The CMDB control is
responsible for populating and updating all the attributes for that
resource type in the Turbot CMDB.

Note that if CMDB is set to Skip for a resource, then it will not be added
to the CMDB, and no controls that target it will run.

Azure > Active Directory > Directory > Discovery

Discover all Azure active directory resources and add them to the CMDB.

The Discovery control is responsible for finding resources of a specific type. It periodically searches for new resources and saves them to the CMDB. Once discovered, resources are then responsible for tracking changes to themselves through the CMDB control.

Azure > Active Directory > Group > CMDB

Record and synchronize details for the Azure active directory group into the CMDB.

The CMDB control is
responsible for populating and updating all the attributes for that
resource type in the Turbot CMDB.

Note that if CMDB is set to Skip for a resource, then it will not be added
to the CMDB, and no controls that target it will run.

Azure > Active Directory > Group > Discovery

Discover all Azure active directory group resources and add them to the CMDB.

The Discovery control is responsible for finding resources of a specific type. It periodically searches for new resources and saves them to the CMDB. Once discovered, resources are then responsible for tracking changes to themselves through the CMDB control.

Azure > Active Directory > Service Principal > CMDB

Record and synchronize details for the Azure Active Directory service principal into the CMDB.

The CMDB control is
responsible for populating and updating all the attributes for that
resource type in the Turbot CMDB.

Note: If CMDB is set to Skip for a resource, then it will not be added
to the CMDB, and no controls that target it will run.

Azure > Active Directory > Service Principal > Discovery

Discover all Azure Active Directory service principal resources and add them to the CMDB.

The Discovery control is responsible for finding resources of a specific type. It periodically searches for new resources and saves them to the CMDB. Once discovered, resources are then responsible for tracking changes to themselves through the CMDB control.

Azure > Active Directory > User > Approved

Take an action when an Azure Active Directory user is not approved based on Azure > Active Directory > User > Approved > * policies.

The Approved control checks the status of the defined Approved sub-policies for the resource. If the resource is not approved according to any of these policies, this control raises an alarm and takes the defined enforcement action.

For any enforcement actions that specify if new, e.g., Enforce: Delete unapproved if new, this control will only take the enforcement actions for resources created within the last 60 minutes.

See Approved for more information.

Azure > Active Directory > User > CMDB

Record and synchronize details for the Azure active directory user into the CMDB.

The CMDB control is
responsible for populating and updating all the attributes for that
resource type in the Turbot CMDB.

Note that if CMDB is set to Skip for a resource, then it will not be added
to the CMDB, and no controls that target it will run.

Azure > Active Directory > User > Discovery

Discover all Azure active directory user resources and add them to the CMDB.

The Discovery control is responsible for finding resources of a specific type. It periodically searches for new resources and saves them to the CMDB. Once discovered, resources are then responsible for tracking changes to themselves through the CMDB control.

Azure > Turbot > Directory Event Poller

The Turbot Azure Directory Poller control will query the Activity Log for relevant events on a schedule, and forward them to the router for processing.