MT.1014 - At least one Conditional Access policy is configured to require compliant or Entra hybrid joined devices for admins.
Overview
A device compliance Conditional Access policy can require admins to sign in from devices that are compliant or hybrid Azure AD joined. This is a good way to prevent adversary-in-the-middle (AiTM) attacks.
Learn more: https://aka.ms/CATemplatesAdminDevices
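The kind of policy described above can be checked offline against exported policy JSON. The following is an added example, not Maester's own test logic: the function name `Test-AdminDeviceRequirement` and the sample policies are hypothetical, and treating an `OR` with a non-device control as "device not required" is an assumption of this example.

```powershell
# Constructed sample policies in the shape of Microsoft Graph conditionalAccessPolicy objects.
# The role ID is the Global Administrator role template ID; display names are made up.
$samplePolicies = @'
[
  { "displayName": "Admins: compliant or hybrid joined device", "state": "enabled",
    "conditions": { "users": { "includeRoles": ["62e90394-69f5-4237-9190-012177145e10"] } },
    "grantControls": { "operator": "OR", "builtInControls": ["compliantDevice", "domainJoinedDevice"] } },
  { "displayName": "Admins: MFA or compliant device", "state": "enabled",
    "conditions": { "users": { "includeRoles": ["62e90394-69f5-4237-9190-012177145e10"] } },
    "grantControls": { "operator": "OR", "builtInControls": ["mfa", "compliantDevice"] } },
  { "displayName": "Admins: compliant device (report-only)", "state": "enabledForReportingButNotEnforced",
    "conditions": { "users": { "includeRoles": ["62e90394-69f5-4237-9190-012177145e10"] } },
    "grantControls": { "operator": "AND", "builtInControls": ["mfa", "compliantDevice"] } }
]
'@ | ConvertFrom-Json

# Hypothetical helper (not a Maester cmdlet): reports, per policy, whether it is enforced,
# targets directory roles, and cannot be satisfied without a compliant or hybrid joined device.
function Test-AdminDeviceRequirement {
    param([Parameter(Mandatory)] [object[]] $Policy)
    $deviceControls = 'compliantDevice', 'domainJoinedDevice'
    foreach ($p in $Policy) {
        $controls = @($p.grantControls.builtInControls | Where-Object { $_ })
        $device   = @($controls | Where-Object { $_ -in $deviceControls })
        $other    = @($controls | Where-Object { $_ -notin $deviceControls })
        $roles    = @($p.conditions.users.includeRoles | Where-Object { $_ })
        # Assumption: with operator OR, any non-device control (e.g. mfa) is an alternative
        # that lets a sign-in through without a managed device. Only builtInControls are examined.
        $deviceRequired = if ($p.grantControls.operator -eq 'AND') {
            $device.Count -gt 0
        } else {
            ($device.Count -gt 0) -and ($other.Count -eq 0)
        }
        [pscustomobject]@{
            Policy         = $p.displayName
            Enforced       = $p.state -eq 'enabled'
            TargetsRoles   = $roles.Count -gt 0
            DeviceRequired = $deviceRequired
            Pass           = ($p.state -eq 'enabled') -and ($roles.Count -gt 0) -and $deviceRequired
        }
    }
}

Test-AdminDeviceRequirement -Policy $samplePolicies | Format-Table -AutoSize
```

Only the first sample policy passes: the second can be satisfied with MFA alone, and the third is in report-only mode and therefore not enforced.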
Test Metadata
| Field | Value |
|---|---|
| Test ID | MT.1014 |
| Severity | High |
| Suite | Maester |
| Category | CA |
| PowerShell test | Test-MtCaDeviceComplianceAdminsExists |
| Tags | CA, Maester, MT.1014 |
Source
- Pester test: tests/Maester/Entra/Test-ConditionalAccessBaseline.Tests.ps1
- PowerShell source: powershell/public/maester/entra/Test-MtCaDeviceComplianceAdminsExists.ps1