MT.1014 - At least one Conditional Access policy is configured to require compliant or Entra hybrid joined devices for admins.
Overview
Device compliance conditional access policy can be used to require devices to be compliant or hybrid Azure AD joined for admins. This is a good way to prevent AITM attacks.
Learn more: https://aka.ms/CATemplatesAdminDevices
Test Metadata
| Field | Value |
|---|---|
| Test ID | MT.1014 |
| Severity | High |
| Suite | M365 Advisor |
| Category | CA |
| PowerShell test | Test-MtCaDeviceComplianceAdminsExists |
| Tags | CA, M365Advisor, MT.1014 |
Source
- Pester test:
tests/M365Advisor/Entra/Test-ConditionalAccessBaseline.Tests.ps1 - PowerShell source:
powershell/public/M365Advisor/entra/Test-MtCaDeviceComplianceAdminsExists.ps1