Azure IAM
The Azure IAM analyzer provides insights into identity and access management roles within your Azure environment, helping manage role assignments, enforce access controls, and detect security risks.
Required Blueprints: Azure

Sightlines
| Sightline | Description |
|---|---|
| IAM Roles | Surfaces IAM role configurations, highlighting roles with administrative privileges and unusual access patterns. |
Explorer Node Types
Use these node types in Explorer or KAI to query resources surfaced by this analyzer:
azure.authorization.RoleDefinition, azure.subscription.Account
Related Analyzers
- Azure Storage — Role-based access control for storage accounts
- Azure Network — Network security group access policies
- Azure Database — Database authentication and access control
Insight Feed Alerts
- Excessive Privileges Alert: Identifies IAM roles with elevated or administrative access, supporting enforcement of the principle of least privilege.
- Unused Role Alert: Flags roles that have not been used for a specified period, enabling review and deactivation.
- Role Misconfiguration Alert: Highlights roles with unusual or incorrect configurations, such as missing MFA enforcement or excessive scope.
- Role Type Distribution Alert: Monitors role distribution by type, flagging unexpected deviations that may indicate security or operational issues.
- Roles with Admin Access Alert: Detects roles with direct or indirect administrative access to critical resources.
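As an added illustration of the Excessive Privileges, Role Misconfiguration and Roles with Admin Access checks (example code written for this page, not the analyzer's own logic): it reads role definitions in the shape of Azure RBAC role-definition JSON, treats a role as admin-level when its effective actions can write role assignments or role definitions, and treats a custom role assignable at the root scope as over-scoped. The sample roles are constructed, and the root-scope threshold is a hypothetical choice.

```python
from fnmatch import fnmatchcase

# Actions that let a principal change who has access; treated as admin-level.
# Azure action names are case-insensitive, so everything is compared lower-cased.
SENSITIVE_ACTIONS = (
    "microsoft.authorization/roleassignments/write",
    "microsoft.authorization/roledefinitions/write",
    "microsoft.authorization/elevateaccess/action",
)

def grants(role, action):
    """True if some actions pattern covers `action` and no notActions pattern in the same block excludes it."""
    action = action.lower()
    for block in role.get("permissions", []):
        allowed = any(fnmatchcase(action, p.lower()) for p in block.get("actions", []))
        denied = any(fnmatchcase(action, p.lower()) for p in block.get("notActions", []))
        if allowed and not denied:
            return True
    return False

def findings(role):
    """Return the alert names raised for one role definition."""
    out = []
    if any(grants(role, a) for a in SENSITIVE_ACTIONS):
        out.append("Roles with Admin Access")
    # Hypothetical excessive-scope rule: a custom role assignable at the root scope "/".
    if role.get("roleType") == "CustomRole" and "/" in role.get("assignableScopes", []):
        out.append("Role Misconfiguration")
    return out

# Constructed sample: the first two follow the shape of the built-in Owner and Contributor
# definitions; the third is a made-up custom role.
SAMPLE_ROLES = [
    {"roleName": "Owner", "roleType": "BuiltInRole", "assignableScopes": ["/"],
     "permissions": [{"actions": ["*"], "notActions": []}]},
    {"roleName": "Contributor", "roleType": "BuiltInRole", "assignableScopes": ["/"],
     "permissions": [{"actions": ["*"], "notActions": [
         "Microsoft.Authorization/*/Delete", "Microsoft.Authorization/*/Write",
         "Microsoft.Authorization/elevateAccess/Action"]}]},
    {"roleName": "Tenant Role Editor", "roleType": "CustomRole", "assignableScopes": ["/"],
     "permissions": [{"actions": ["Microsoft.Authorization/roleAssignments/write"], "notActions": []}]},
]

def evaluate(roles):
    """Map each role name to the alerts it triggers (empty list when none)."""
    return {r["roleName"]: findings(r) for r in roles}
```

Contributor keeps `*` but its notActions exclude the authorization writes, so it is not reported as admin; Owner is, and the custom role trips both checks.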