https://github.com/0x6f677548/zerotrust-ca-policies
Sample policies to implement a Zero Trust User Access strategy using Entra ID Conditional Access
azuread conditional-access entraid identity infosec infosectools policy-as-code powertoys zerotrust
- Host: GitHub
- URL: https://github.com/0x6f677548/zerotrust-ca-policies
- Owner: 0x6f677548
- License: mit
- Created: 2024-01-05T18:07:54.000Z (almost 2 years ago)
- Default Branch: main
- Last Pushed: 2024-01-05T19:11:59.000Z (almost 2 years ago)
- Last Synced: 2025-03-10T07:51:33.282Z (7 months ago)
- Topics: azuread, conditional-access, entraid, identity, infosec, infosectools, policy-as-code, powertoys, zerotrust
- Homepage:
- Size: 7.81 KB
- Stars: 5
- Watchers: 1
- Forks: 2
- Open Issues: 0
Metadata Files:
- Readme: README.md
- License: LICENSE
README
# Zero Trust - Conditional Access Policies
This repository contains a set of sample policies that can be used to implement a Zero Trust model using Entra ID (Azure AD) Conditional Access. These policies are based on the samples available at https://github.com/microsoft/ConditionalAccessforZeroTrustResources and the [recommended guidelines](https://docs.microsoft.com/en-us/azure/architecture/guide/security/conditional-access-zero-trust?msclkid=d1768a34ceda11ec9b6c8f244f8d05bd), but have been modified so that they can be deployed without the Microsoft365DSC dependency, using the [CA-PowerToys tool](https://github.com/0x6f677548/zerotrust-ca-powertoys), which deploys the policies through the Graph API.
## Why?
While Microsoft365DSC is a great tool, the format it uses is neither human readable nor easy to use in a Policy-as-Code model: dependencies between policies, groups and applications are not always clear, because GUIDs are used instead of names. This makes it hard to understand the impact of a policy change and to migrate policies between environments.

## Files
### groups.json
Contains the groups that are used in the policies. These groups should be created prior to deploying the policies. The groups are created using the [CA-PowerToys tool](https://github.com/0x6f677548/zerotrust-ca-powertoys).

### policies-humanreadable.json
Contains the policies in a human readable format. This file is used to generate the policies.json file using the [CA-PowerToys tool](https://github.com/0x6f677548/zerotrust-ca-powertoys), or, eventually, to be directly imported using the same tool.

## Usage
Since the policies are deployed using the CA-PowerToys tool, the usage is the same as described in the [CA-PowerToys documentation](https://github.com/0x6f677548/zerotrust-ca-powertoys).
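The name-versus-GUID problem described under "Why?" and the name-based `policies-humanreadable.json` file above come down to one step: group display names must be resolved to tenant object IDs before a policy can be sent to the Graph API, and an export from a tenant has to go the other way to become reviewable and portable. The following is an added example, not code from this repository or from CA-PowerToys; the human-readable layout, the group names and the object IDs are constructed, while the resolved output follows the Graph `conditionalAccessPolicy` shape, where `conditions.users.includeGroups` and `excludeGroups` hold object IDs.

```python
# Added example (not code from zerotrust-ca-policies or CA-PowerToys).
# Group names, object IDs and the human-readable layout are constructed;
# the resolved form matches the Graph conditionalAccessPolicy schema.
import copy

# Constructed tenant directory: group displayName -> object ID (placeholders).
GROUP_DIRECTORY = {
    "CA-BreakGlassAccounts": "11111111-1111-1111-1111-111111111111",
    "CA-Persona-Admins": "22222222-2222-2222-2222-222222222222",
}

# Constructed human-readable policy: groups referenced by name, not GUID.
HUMAN_READABLE_POLICY = {
    "displayName": "CA-Admins-Require-MFA",
    "state": "enabledForReportingButNotEnforced",
    "conditions": {
        "users": {
            "includeGroups": ["CA-Persona-Admins"],
            "excludeGroups": ["CA-BreakGlassAccounts"],
        },
        "applications": {"includeApplications": ["All"]},
    },
    "grantControls": {"operator": "OR", "builtInControls": ["mfa"]},
}


def _map_groups(policy: dict, mapping: dict) -> dict:
    """Rewrite includeGroups/excludeGroups through `mapping`. Any reference
    that cannot be mapped raises, so a policy is never deployed with a
    silently dropped exclusion (for example the break-glass group)."""
    out = copy.deepcopy(policy)
    users = out.get("conditions", {}).get("users", {})
    missing = []
    for key in ("includeGroups", "excludeGroups"):
        for i, value in enumerate(users.get(key, [])):
            if value in mapping:
                users[key][i] = mapping[value]
            else:
                missing.append(value)
    if missing:
        raise KeyError(f"unresolved group references: {sorted(set(missing))}")
    return out


def resolve_groups(policy: dict, directory: dict = GROUP_DIRECTORY) -> dict:
    """Names -> object IDs: the form the Graph API accepts for deployment."""
    return _map_groups(policy, directory)


def humanize_groups(policy: dict, directory: dict = GROUP_DIRECTORY) -> dict:
    """Object IDs -> names: makes a tenant export reviewable and portable."""
    return _map_groups(policy, {oid: name for name, oid in directory.items()})
```

Running the same policy through `resolve_groups` and then `humanize_groups` with a target tenant's directory is the migration path the README alludes to; a group that does not exist in the target tenant stops the deployment instead of being dropped.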