website logo
HomeGithubSlack
⌘K
Overview
Quick Start
Supported Services
Running CloudGraph in EKS
Compliance
Rules Engine
AWS
Querying AWS Data
AWS Policy Packs
Billing Data
Services
Azure
Querying Azure Data
Azure Policy Packs
Services
GCP
Querying GCP Data
GCP Policy Packs
Services
K8s
Querying Kubernetes Data
Services
Docs powered by archbee 

AD Security Defaults Policy

13min

Note: if you are running CloudGraph locally you can view the interactive, automatically generated documentation in either GraphQL Playground or Altair by clicking the docs button on the right-hand side of the screen. After reading the below information we highly suggest you use one of these tools to test your queries as they will autocomplete fields for you and let you know if your queries are valid before you even submit them.

Overview

You can currently query the following attributes on an Azure AD Security Defaults Policy

GraphQL
|
query {
  queryazureAdIdentitySecurityDefaultsEnforcementPolicy {
    id
    region
    description
    displayName
    isEnabled
  }
}


Filtering

Get data for a single Azure AD Security Defaults Policy key that you know the ID for:

GraphQL
|
query {
  queryazureAdIdentitySecurityDefaultsEnforcementPolicy(
    filter: {id: {eq: "12345"}}
  ) {
    id
  }
}


Get data for all of the Azure AD Security Defaults Policies in a certain region:

GraphQL
|
query {
  queryazureAdIdentitySecurityDefaultsEnforcementPolicy(filter: { region: { eq: "eastus" } }) {
    id
    # Other fields and connections here...
  }
}

# Note that in addition to "region" you can
# Filter based on any of the following attributes:

# id
# description
# displayName
# isEnabled

# And the following Dgraph filters can also be applied:

# has
# and
# or
# not
# regexp (regular expressions)

# fulltext filters

# alloftext
# anyoftext


Get data for all of the Azure AD Security Defaults Policies that are NOT in a certain region:

GraphQL
|
query {
  queryazureAdIdentitySecurityDefaultsEnforcementPolicy(filter: { not: { region: { eq: "eastus" } } }) {
    id
    # Other fields and connections here...
  }
}


Ordering

You can order the results you get back either asc or desc depending on your preference:

GraphQL
|
query {
  queryazureAdIdentitySecurityDefaultsEnforcementPolicy(order: { desc: displayName }) {
    id
    # Other fields and connections here...
  }
}

# Note that in addition to "displayName" you can filter
# Using "asc" or "desc" based on any of the following attributes:

# id
# description
# isEnabled


Only select and return the first two Azure AD Security Defaults Policies that are found:

GraphQL
|
query {
  queryazureAdIdentitySecurityDefaultsEnforcementPolicy(first: 2, order: { desc: displayName }) {
    id
    # Other fields and connections here...
  }
}


Only select and return the first two Azure AD Security Defaults Policies that are found, but offset by one so keys two & three are returned:

GraphQL
|
query {
  queryazureAdIdentitySecurityDefaultsEnforcementPolicy(first: 2, order: { desc: displayName }, offset: 1) {
    id
    # Other fields and connections here...
  }
}


Aggregation

Count the number of Azure AD Security Defaults Policies across all scanned Azure subscriptions:

GraphQL
|
query {
  aggregateazureAdIdentitySecurityDefaultsEnforcementPolicy {
    count
    # Other fields and connections here...
  }
}

# Note that in addition to "count" you can request the
# Following min and max values based on attributes of your Disks:

# idMin
# idMax
# descriptionMin
# descriptionMax
# displayNameMin
# displayNameMax
# isEnabledMin
# isEnabledMax


Count the number of Azure AD Security Defaults Policies in a single account. Note that you can apply all of the same filters that are listed above to aggregate queries:

GraphQL
|
query {
  aggregateazureAdIdentitySecurityDefaultsEnforcementPolicy(filter: { region: { eq: "eastus" } }) {
    count
    # Other fields and connections here...
  }
}


Examples

Find all of the Azure AD Security Defaults Policies that are in the eastus region across all your accounts:

GraphQL
|
query {
  queryazureAdIdentitySecurityDefaultsEnforcementPolicy(filter: { region: { eq: "eastus" } }) {
    id
    # Other fields and connections here...
  }
}


Kitchen Sink

Putting it all together; get all data for all Azure AD Security Defaults Policies across all regions for all scanned Azure subscriptions in a single query:

GraphQL
|
query {
  queryazureAdIdentitySecurityDefaultsEnforcementPolicy {
    id
    region
    description
    displayName
    isEnabled
  }
}


References

Dgraph documentation on querying

Azure Security defaults in Azure AD Documentation

Updated 03 Mar 2023
Did this page help you?
Yes
No
PREVIOUS
AD User
NEXT
App Service Plan
Docs powered by archbee 
TABLE OF CONTENTS
Overview
Filtering
Ordering
Aggregation
Examples
Kitchen Sink
References