ssc-spc-ccoe-cei / azure-guardrails-solution-accelerator

This implementation automates reporting to verify compliance with GC Cloud Guardrails. SSC and TBS review the results.

GR2 | Validation 1 | Account Management: User Groups (M) #145

Open MathesonSho opened 2 months ago

MathesonSho commented 2 months ago

ItemName: Account Management: User Groups (M)
ItemName FR: Gestion des comptes : Groupes d'utilisateurs (M)

“Demonstrate that access configurations and policies are implemented for different classes of users (non-privileged and privileged users)”

Description: This is a new control that determines if there is more than 1 user in the tenant and, if so, it is required to have at least two different user groups (segmenting between Privileged and Non-Privileged Users). Of these user groups, one needs to be used in at least one of the environment's Conditional Access Policies.

Sample Logic Flow:

Comments ENG
If compliant: Compliant
If non-compliant (users=\ user groups users): Not all users have been assigned to a privileged or non-privileged user group.
If non-compliant: None of the conditional access policies refer to one of your user groups (privileged or non-privileged).

Comments FR
If compliant: Conforme
If non-compliant (users=\ user groups users): Tous les utilisateurs n’ont pas été assignés à un groupe d’utilisateurs privilégiés ou non privilégiés.
If non-compliant: Aucune des politiques d’accès conditionnel ne fait référence à l’un de vos groupes d’utilisateurs (privilégiés ou non privilégiés).
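
One reading of the check described in the issue above, as an added example that is not part of the issue or of the project's own code. The function names, the input shapes and the fewer-than-two-groups comment are assumptions; the policy dictionaries follow the `conditions.users.includeGroups` / `excludeGroups` layout of Microsoft Graph conditional access policies, and the other comments are the English strings from the issue.

```python
# Added example: function names and data shapes are hypothetical.
COMPLIANT = "Compliant"
UNASSIGNED = ("Not all users have been assigned to a privileged or "
              "non-privileged user group.")
NO_CA_REF = ("None of the conditional access policies refer to one of your "
             "user groups (privileged or non-privileged).")
# Assumption: the issue gives no comment for this case; placeholder text.
TOO_FEW_GROUPS = "PLACEHOLDER: fewer than two user groups exist."


def groups_referenced(policies):
    """Collect the group ids named under conditions.users of each policy."""
    referenced = set()
    for policy in policies:
        users = (policy.get("conditions") or {}).get("users") or {}
        # Assumption: an include or an exclude both count as a reference.
        referenced.update(users.get("includeGroups") or [])
        referenced.update(users.get("excludeGroups") or [])
    return referenced


def evaluate_user_groups(user_ids, group_members, policies):
    """Return (is_compliant, comment) for the check described in the issue."""
    users = set(user_ids)
    if len(users) <= 1:
        # Assumption: the requirement only applies above one user.
        return True, COMPLIANT
    if len(group_members) < 2:
        return False, TOO_FEW_GROUPS
    grouped = set().union(*group_members.values())
    if users - grouped:  # at least one user is in no group
        return False, UNASSIGNED
    if not groups_referenced(policies) & set(group_members):
        return False, NO_CA_REF
    return True, COMPLIANT


# Constructed sample tenant (not real data).
USERS = ["alice", "bob", "carol"]
GROUPS = {"grp-priv": ["alice"], "grp-nonpriv": ["bob", "carol"]}
POLICIES = [{
    "displayName": "Require MFA for admins",
    "conditions": {"users": {"includeGroups": ["grp-priv"], "excludeGroups": []}},
}]

if __name__ == "__main__":
    print(evaluate_user_groups(USERS, GROUPS, POLICIES))
    print(evaluate_user_groups(USERS, GROUPS, []))
```

Comparing the set of users against the union of group members, rather than comparing counts, keeps a user who sits in both groups from masking one who sits in neither.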