Vendor services misconfigurations

AKS cluster is not using Azure Active Directory authentication

Risk Level

Informational (4)

Platform(s)
Compliance Frameworks

Description

Azure Kubernetes Service (AKS) can be configured to use Azure Active Directory (AD) for user authentication. In this configuration, you sign in to an AKS cluster using an Azure AD authentication token. You can also configure Kubernetes role-based access control (Kubernetes RBAC) to limit access to cluster resources based on a user's identity or group membership. Kubernetes RBAC and AKS help you secure your cluster access and provide only the minimum required permissions to developers and operators. It was detected that {AzureAksCluster} cluster does not have Azure AD authentication enabled.

  • Recommended Mitigation

    It is recommended to enable Azure AD authentication on all AKS clusters. For more information see <a href="https://learn.microsoft.com/en-us/azure/aks/managed-aad" target="_blank" rel="noopener noreferrer">https://learn.microsoft.com/en-us/azure/aks/managed-aad</a>

Need help?

Get a free Security Risk Assessment. Start today

See Orca in action See Orca in action-> View a 10 minute recorded demo or sign up for a personalized one-on-one walk-through.