Azure group has access to a large number of resources

Set up the Azure integration.


Description

To mitigate the impact of credential exposure or compromise, role assignments should be scoped down to the narrowest scope of access that the assignees need to perform their responsibilities. This rule identifies when a group is assigned a role that has overly broad access to resources within a tenant. Datadog considers access large when the number of resources a user has access to is greater than 40% of the total resource count of the tenant.

Rationale

Comparing the number of resources a group can access with the total number of resources in a tenant identifies overly broad access. This access should be more tightly scoped to limit the impact of a potential compromise.

Remediation

Datadog recommends reducing the scope of a role assigned to a group to the minimum necessary for the members to fulfill their duties. Azure Activity Logs provide a comprehensive view of actual resource interaction. Compare these actions with the total scope allocated to the group, and tighten the role assignment's scope to match the activity that is actually necessary.
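The check and the remediation comparison described above, as an added example that is not Datadog's implementation or code from this page. It assumes a resource counts as accessible when its ARM resource ID sits at or below a role assignment's scope; all group names, subscription IDs and resources are constructed, and management group scopes are not resolved to their subscriptions.

```python
# Added example; every ID below is constructed sample data.
THRESHOLD = 0.40  # "greater than 40% of the total resource count" (rule description)
SUB = "/subscriptions/00000000-0000-0000-0000-000000000001"

RESOURCES = (
    [f"{SUB}/resourceGroups/rg-app/providers/Microsoft.Web/sites/app{i}" for i in range(3)]
    + [f"{SUB}/resourceGroups/rg-data/providers/Microsoft.Storage/storageAccounts/st{i}" for i in range(5)]
    + [f"{SUB}/resourceGroups/rg-net/providers/Microsoft.Network/virtualNetworks/vnet{i}" for i in range(2)]
)
# principalId and scope are fields of an Azure role assignment object.
ASSIGNMENTS = [
    {"principalId": "g-ops", "scope": SUB},                             # whole subscription
    {"principalId": "g-web", "scope": f"{SUB}/resourceGroups/rg-app"},  # one resource group
    {"principalId": "g-x", "scope": f"{SUB}/resourceGroups/rg"},        # name prefix only, matches nothing
]
# Resource IDs that members of g-ops actually acted on, as read from Activity Logs.
ACTIVITY_G_OPS = [RESOURCES[0], RESOURCES[1]]

def in_scope(resource_id, scope):
    """True if an ARM resource ID sits at or below a role-assignment scope."""
    r, s = resource_id.lower().rstrip("/"), scope.lower().rstrip("/")
    return r == s or r.startswith(s + "/")  # "/" boundary: rg must not match rg-app

def coverage(group_id, assignments, resources):
    """Fraction of tenant resources reachable through the group's assignments."""
    scopes = [a["scope"] for a in assignments if a["principalId"] == group_id]
    hit = [r for r in resources if any(in_scope(r, s) for s in scopes)]
    return len(hit) / len(resources) if resources else 0.0

def is_overbroad(group_id, assignments, resources):
    return coverage(group_id, assignments, resources) > THRESHOLD

def observed_scopes(used_resource_ids):
    """Resource-group scopes that would cover the activity actually seen."""
    out = set()
    for rid in used_resource_ids:
        parts = rid.strip("/").split("/")  # subscriptions/<id>/resourceGroups/<rg>/...
        if len(parts) >= 4 and parts[2].lower() == "resourcegroups":
            out.add("/" + "/".join(parts[:4]))
    return sorted(out)

if __name__ == "__main__":
    for g in ("g-ops", "g-web", "g-x"):
        pct = coverage(g, ASSIGNMENTS, RESOURCES)
        print(f"{g}: {pct:.0%} of resources, overbroad={pct > THRESHOLD}")
    print("g-ops could be rescoped to:", observed_scopes(ACTIVITY_G_OPS))
```

Here `g-ops` reaches every resource through its subscription-wide assignment, while its observed activity fits inside a single resource group that holds 30% of the tenant's resources.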
