Hello,
How do i get the users that for example are not compliant with "MFA should be enabled on accounts with owner permissions on your subscription"
Using the Security Center you get the Subscription and when you click on them you get the users.
Is there any Query that could get the users?
The query from "Azure Resource Graph Explorer" only reports the subscriptions.
securityresources
| where type == "microsoft.security/assessments"
| extend source = tostring(properties.resourceDetails.Source)
| extend resourceId =
trim(" ", tolower(tostring(case(source =~ "azure", properties.resourceDetails.Id,
source =~ "aws", properties.resourceDetails.AzureResourceId,
source =~ "gcp", properties.resourceDetails.AzureResourceId,
extract("^(.+)/providers/Microsoft.Security/assessments/.+$",1,id)))))
| extend status = trim(" ", tostring(properties.status.code))
| extend cause = trim(" ", tostring(properties.status.cause))
| extend assessmentKey = tostring(name)
| where assessmentKey == "xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx" and status == "Unhealthy"
Thank you,
Adrian

