last sync: 2025-Feb-10 21:12:28 UTC

Microsoft Managed Control 1328 - Authenticator Management | Password-Based Authentication | Regulatory Compliance - Identification and Authentication

Azure BuiltIn Policy definition

Source Azure Portal
Display name Microsoft Managed Control 1328 - Authenticator Management | Password-Based Authentication
Id f5c66fdc-3d02-4034-9db5-ba57802609de
Version 1.0.0
Details on versioning
Versioning Versions supported for Versioning: 0
Built-in Versioning [Preview]
Category Regulatory Compliance
Microsoft Learn
Description Microsoft implements this Identification and Authentication control
Cloud environments AzureCloud = true
AzureUSGovernment = true
AzureChinaCloud = unknown
Available in AzUSGov The Policy is available in AzureUSGovernment cloud. Version: '1.0.0'
Repository: Azure-Policy f5c66fdc-3d02-4034-9db5-ba57802609de
Additional metadata Name/Id: ACF1328 / Microsoft Managed Control 1328
Category: Identification and Authentication
Title: Authenticator Management | Password-Based Authentication - Changed Character Count
Ownership: Customer, Microsoft
Description: The information system, for password-based authentication: Enforces at least the following number of changed characters when new passwords are created: 1 character;
Requirements: Where passwords exist, Azure enforces at least a one-character change when new passwords are created. Due to system limitations, Azure does not enforce a fifty percent (50%) change requirement in every new password. Azure implements strong password complexity, password expiration, password history, account lockout, and minimum password length to provide mitigation to the risks of not meeting this requirement. Additionally, the use of multifactor authentication via smart cards required at all authentication points provides strong security controls against credential guessing attacks. Azure considers these mitigating factors sufficient to address the incremental risk between Azure the required values for the number of changed characters.
Mode Indexed
Type Static
Preview False
Deprecated False
Effect Fixed
audit
RBAC role(s) none
Rule aliases none
Rule resource types IF (2)
Microsoft.Resources/subscriptions
Microsoft.Resources/subscriptions/resourceGroups
Compliance
The following 1 compliance controls are associated with this Policy definition 'Microsoft Managed Control 1328 - Authenticator Management | Password-Based Authentication' (f5c66fdc-3d02-4034-9db5-ba57802609de)
Control Domain Control Name MetadataId Category Title Owner Requirements Description Info Policy#
NIS2 IM._Identity_Management_10 NIS2_IM._Identity_Management_10 NIS2_IM._Identity_Management_10 IM. Identity Management The use of multi-factor authentication Customer, Microsoft Cryptographic Module Authentication The use of multi-factor authentication or continuous authentication solutions, secured voice, video and text communications and secured emergency communication systems within the entity, where appropriate. 29
Initiatives usage
Initiative DisplayName Initiative Id Initiative Category State Type polSet in AzUSGov
[Preview]: NIS2 32ff9e30-4725-4ca7-ba3a-904a7721ee87 Regulatory Compliance Preview BuiltIn unknown
History none
JSON compare n/a
JSON
api-version=2021-06-01
EPAC