Azure has the following logic to check Active Directory for stale users:
refreshTokensValidFromDateTime > STS TokenLifetimePolicy MaxInactiveTime
(default of 90 days for Azure, may vary for customer) + acceptable
number of days past the refresh token...
Public IP addresses allow Internet resources to communicate inbound to
Azure resources. Security Posture Management can help with custom rules
to ensure that specifically tagged VM instances do not have a Network
Interface with public IPs assigned. Th...
Organizations have their own convention of tagging buckets containing
PII objects. We can leverage Security Posture Management to create
custom rules to check if these specifically tagged buckets are open to
the public: AWS : S3Bucket where Access e...
Inside an AWS Private S3 bucket, a specific object can be made public by
using any of the following steps:
Update the object's access control list (ACL) using the Amazon S3 console
Update the object's ACL using the AWS Command Line Interface (AWS CLI...