update active directory to entra id

docs/azure.md

@@ -1,7 +1,7 @@
 # CloudSploit For Microsoft Azure
 
 ## Cloud Provider Configuration
-1. Log into your Azure Portal and navigate to the Azure Active Directory service.
+1. Log into your Azure Portal and navigate to the Azure Entra ID service.
 1. Select App registrations and then click on New registration.
 1. Enter "CloudSploit" and/or a descriptive name in the Name field, take note of it, it will be used again in step 3.
 1. Leave the "Supported account types" default: "Accounts in this organizational directory only (YOURDIRECTORYNAME)".

exports.js

@@ -1039,14 +1039,14 @@ module.exports = {
         'endpointLoggingEnabled'        : require(__dirname + '/plugins/azure/cdnprofiles/endpointLoggingEnabled.js'),
         'detectInsecureCustomOrigin'    : require(__dirname + '/plugins/azure/cdnprofiles/detectInsecureCustomOrigin.js'),
 
-        'passwordRequiresLowercase'     : require(__dirname + '/plugins/azure/activedirectory/passwordRequiresLowercase.js'),
-        'passwordRequiresNumbers'       : require(__dirname + '/plugins/azure/activedirectory/passwordRequiresNumbers.js'),
-        'passwordRequiresSymbols'       : require(__dirname + '/plugins/azure/activedirectory/passwordRequiresSymbols.js'),
-        'passwordRequiresUppercase'     : require(__dirname + '/plugins/azure/activedirectory/passwordRequiresUppercase.js'),
-        'minPasswordLength'             : require(__dirname + '/plugins/azure/activedirectory/minPasswordLength.js'),
-        'ensureNoGuestUser'             : require(__dirname + '/plugins/azure/activedirectory/ensureNoGuestUser.js'),
-        'noCustomOwnerRoles'            : require(__dirname + '/plugins/azure/activedirectory/noCustomOwnerRoles.js'),
-        'appOrgnaizationalDirectoryAccess'         : require(__dirname + '/plugins/azure/activedirectory/appOrgnaizationalDirectoryAccess.js'),
+        'passwordRequiresLowercase'     : require(__dirname + '/plugins/azure/entraid/passwordRequiresLowercase.js'),
+        'passwordRequiresNumbers'       : require(__dirname + '/plugins/azure/entraid/passwordRequiresNumbers.js'),
+        'passwordRequiresSymbols'       : require(__dirname + '/plugins/azure/entraid/passwordRequiresSymbols.js'),
+        'passwordRequiresUppercase'     : require(__dirname + '/plugins/azure/entraid/passwordRequiresUppercase.js'),
+        'minPasswordLength'             : require(__dirname + '/plugins/azure/entraid/minPasswordLength.js'),
+        'ensureNoGuestUser'             : require(__dirname + '/plugins/azure/entraid/ensureNoGuestUser.js'),
+        'noCustomOwnerRoles'            : require(__dirname + '/plugins/azure/entraid/noCustomOwnerRoles.js'),
+        'appOrgnaizationalDirectoryAccess'         : require(__dirname + '/plugins/azure/entraid/appOrgnaizationalDirectoryAccess.js'),
 
         'dbAuditingEnabled'             : require(__dirname + '/plugins/azure/sqldatabases/dbAuditingEnabled.js'),
         'dbDataMaskingEnabled'          : require(__dirname + '/plugins/azure/sqldatabases/dbDataMaskingEnabled.js'),

helpers/azure/api.js

@@ -260,21 +260,21 @@ var serviceMap = {
             BridgeCollectionService: 'wafpolicies', DataIdentifier: 'data',
         }
     ],
-    'Active Directory': [
+    'Entra ID': [
         {
             enabled: true, isSingleSource: true, InvAsset: 'activeDirectory', InvService: 'activeDirectory',
             InvResourceCategory: 'cloud_resources', InvResourceType: 'Roles', BridgeServiceName: 'roledefinitions',
-            BridgePluginCategoryName: 'Active Directory', BridgeProvider: 'Azure', BridgeCall: 'list',
+            BridgePluginCategoryName: 'Entra ID', BridgeProvider: 'Azure', BridgeCall: 'list',
             BridgeArnIdentifier: '', BridgeIdTemplate: '', BridgeResourceType: 'roleDefinitions',
-            BridgeResourceNameIdentifier: 'name', BridgeExecutionService: 'Active Directory',
+            BridgeResourceNameIdentifier: 'name', BridgeExecutionService: 'Entra ID',
             BridgeCollectionService: 'roledefinitions', DataIdentifier: 'data',
         },
         {
             enabled: true, isSingleSource: true, InvAsset: 'activeDirectory', InvService: 'activeDirectory',
             InvResourceCategory: 'cloud_resources', InvResourceType: 'Application', BridgeServiceName: 'applications',
-            BridgePluginCategoryName: 'Active Directory', BridgeProvider: 'Azure', BridgeCall: 'list',
+            BridgePluginCategoryName: 'Entra ID', BridgeProvider: 'Azure', BridgeCall: 'list',
             BridgeArnIdentifier: '', BridgeIdTemplate: '', BridgeResourceType: '',
-            BridgeResourceNameIdentifier: 'name', BridgeExecutionService: 'Active Directory',
+            BridgeResourceNameIdentifier: 'name', BridgeExecutionService: 'Entra ID',
             BridgeCollectionService: 'applications', DataIdentifier: 'data',
         }
     ]
@@ -486,7 +486,7 @@ var calls = {
         list: {
             url: 'https://management.azure.com/subscriptions/{subscriptionId}/providers/Microsoft.Authorization/roleDefinitions?api-version=2015-07-01'
         },
-        sendIntegration: serviceMap['Active Directory'][0]
+        sendIntegration: serviceMap['Entra ID'][0]
     },
     managementLocks: {
         listAtSubscriptionLevel: {
@@ -519,7 +519,7 @@ var calls = {
             url: 'https://graph.microsoft.com/v1.0/applications/',
             graph: true,
         },
-        sendIntegration: serviceMap['Active Directory'][1]
+        sendIntegration: serviceMap['Entra ID'][1]
     },
     automationAccounts: {
         list: {

plugins/azure/activedirectory/appOrgnaizationalDirectoryAccess.js → plugins/azure/entraid/appOrgnaizationalDirectoryAccess.js

@@ -3,12 +3,12 @@ const helpers = require('../../../helpers/azure');
 
 module.exports = {
     title: 'Azure AD App Organizational Directory Access',
-    category: 'Active Directory',
+    category: 'Entra ID',
     domain: 'Identity and Access Management',
     severity: 'Medium',
-    description: 'Ensures that Azure Active Directory applications are accessible to accounts in organisational directory only.',
+    description: 'Ensures that Azure Entra ID applications are accessible to accounts in organisational directory only.',
     more_info: 'AAD provides different types of account access. By using single-tenant authentication, the impact gets limited to the application’s tenant i.e. all users from the same tenant could connect to the application and save app from unauthorised access.',
-    link: 'https://learn.microsoft.com/en-us/azure/active-directory/develop/single-and-multi-tenant-apps',
+    link: 'https://learn.microsoft.com/en-us/entra/identity-platform/single-and-multi-tenant-apps',
     recommended_action: 'Modify the Azure app authentication setting and provide access to accounts in organisational directory only',
     apis: ['applications:list'],
 

plugins/azure/activedirectory/ensureNoGuestUser.js → plugins/azure/entraid/ensureNoGuestUser.js

@@ -3,13 +3,13 @@ const helpers = require('../../../helpers/azure');
 
 module.exports = {
     title: 'Ensure No Guest User',
-    category: 'Active Directory',
+    category: 'Entra ID',
     domain: 'Identity and Access Management',
     severity: 'Medium',
     description: 'Ensures that there are no guest users in the subscription',
     more_info: 'Guest users are usually users that are invited from outside the company structure, these users are not part of the onboarding/offboarding process and could be overlooked, causing security vulnerabilities.',
-    link: 'https://learn.microsoft.com/en-us/azure/active-directory/b2b/add-users-administrator',
-    recommended_action: 'Remove all guest users unless they are required to be members of the Active Directory account.',
+    link: 'https://learn.microsoft.com/en-us/entra/external-id/add-users-administrator',
+    recommended_action: 'Remove all guest users unless they are required to be members of the Entra ID account.',
     apis: ['users:list'],
 
     run: function(cache, settings, callback) {

plugins/azure/activedirectory/minPasswordLength.js → plugins/azure/entraid/minPasswordLength.js

@@ -3,12 +3,12 @@ const helpers = require('../../../helpers/azure');
 
 module.exports = {
     title: 'Minimum Password Length',
-    category: 'Active Directory',
+    category: 'Entra ID',
     domain: 'Identity and Access Management',
     severity: 'Low',
     description: 'Ensures that all Azure passwords require a minimum length',
     more_info: 'Azure handles most password policy settings, including the minimum password length, defaulted to 8 characters.',
-    link: 'https://learn.microsoft.com/en-us/azure/active-directory/authentication/concept-sspr-policy#password-policies-that-only-apply-to-cloud-user-accounts',
+    link: 'https://learn.microsoft.com/en-us/entra/identity/authentication/concept-sspr-policy#password-policies-that-only-apply-to-cloud-user-accounts',
     recommended_action: 'No action necessary. Azure handles password requirement settings.',
     apis: ['resources:list'],
 

plugins/azure/activedirectory/noCustomOwnerRoles.js → plugins/azure/entraid/noCustomOwnerRoles.js

@@ -3,7 +3,7 @@ const helpers = require('../../../helpers/azure');
 
 module.exports = {
     title: 'No Custom Owner Roles',
-    category: 'Active Directory',
+    category: 'Entra ID',
     domain: 'Identity and Access Management',
     severity: 'Medium',
     description: 'Ensures that no custom owner roles exist.',

plugins/azure/activedirectory/passwordRequiresLowercase.js → plugins/azure/entraid/passwordRequiresLowercase.js

@@ -3,12 +3,12 @@ const helpers = require('../../../helpers/azure');
 
 module.exports = {
     title: 'Password Requires Lowercase',
-    category: 'Active Directory',
+    category: 'Entra ID',
     domain: 'Identity and Access Management',
     severity: 'Low',
     description: 'Ensures that all Azure passwords require lowercase characters',
     more_info: 'Azure handles most password policy settings, including which character types are required. Azure requires 3 out of 4 of the following character types: lowercase, uppercase, special characters, and numbers.',
-    link: 'https://learn.microsoft.com/en-us/azure/active-directory/authentication/concept-sspr-policy#password-policies-that-only-apply-to-cloud-user-accounts',
+    link: 'https://learn.microsoft.com/en-us/entra/identity/authentication/concept-sspr-policy#password-policies-that-only-apply-to-cloud-user-accounts',
     recommended_action: 'No action necessary. Azure handles password requirement settings.',
     apis: ['resources:list'],
 

plugins/azure/activedirectory/passwordRequiresNumbers.js → plugins/azure/entraid/passwordRequiresNumbers.js

@@ -3,12 +3,12 @@ const helpers = require('../../../helpers/azure');
 
 module.exports = {
     title: 'Password Requires Numbers',
-    category: 'Active Directory',
+    category: 'Entra ID',
     domain: 'Identity and Access Management',
     severity: 'Low',
     description: 'Ensures that all Azure passwords require numbers',
     more_info: 'Azure handles most password policy settings, including which character types are required. Azure requires 3 out of 4 of the following character types: lowercase, uppercase, special characters, and numbers.',
-    link: 'https://learn.microsoft.com/en-us/azure/active-directory/authentication/concept-sspr-policy#password-policies-that-only-apply-to-cloud-user-accounts',
+    link: 'https://learn.microsoft.com/en-us/entra/identity/authentication/concept-sspr-policy#password-policies-that-only-apply-to-cloud-user-accounts',
     recommended_action: 'No action necessary. Azure handles password requirement settings.',
     apis: ['resources:list'],
 

plugins/azure/activedirectory/passwordRequiresSymbols.js → plugins/azure/entraid/passwordRequiresSymbols.js

@@ -8,7 +8,7 @@ module.exports = {
     severity: 'Low',
     description: 'Ensures that all Azure passwords require symbol characters',
     more_info: 'Azure handles most password policy settings, including which character types are required. Azure requires 3 out of 4 of the following character types: lowercase, uppercase, special characters, and numbers.',
-    link: 'https://learn.microsoft.com/en-us/azure/active-directory/authentication/concept-sspr-policy#password-policies-that-only-apply-to-cloud-user-accounts',
+    link: 'Entra ID',
     recommended_action: 'No action necessary. Azure handles password requirement settings.',
     apis: ['resources:list'],
 

plugins/azure/activedirectory/passwordRequiresUppercase.js → plugins/azure/entraid/passwordRequiresUppercase.js

@@ -3,12 +3,12 @@ const helpers = require('../../../helpers/azure');
 
 module.exports = {
     title: 'Password Requires Uppercase',
-    category: 'Active Directory',
+    category: 'Entra ID',
     domain: 'Identity and Access Management',
     severity: 'Low',
     description: 'Ensures that all Azure passwords require uppercase characters',
     more_info: 'Azure handles most password policy settings, including which character types are required. Azure requires 3 out of 4 of the following character types: lowercase, uppercase, special characters, and numbers.',
-    link: 'https://learn.microsoft.com/en-us/azure/active-directory/authentication/concept-sspr-policy#password-policies-that-only-apply-to-cloud-user-accounts',
+    link: 'https://learn.microsoft.com/en-us/entra/identity/authentication/concept-sspr-policy#password-policies-that-only-apply-to-cloud-user-accounts',
     recommended_action: 'No action necessary. Azure handles password requirement settings.',
     apis: ['resources:list'],