last sync: 2024-May-24 18:03:04 UTC

Microsoft Managed Control 1328 - Authenticator Management | Password-Based Authentication | Regulatory Compliance - Identification and Authentication

Azure BuiltIn Policy definition

Source Azure Portal
Display name Microsoft Managed Control 1328 - Authenticator Management | Password-Based Authentication
Id f5c66fdc-3d02-4034-9db5-ba57802609de
Version 1.0.0
Details on versioning
Category Regulatory Compliance
Microsoft Learn
Description Microsoft implements this Identification and Authentication control
Additional metadata Name/Id: ACF1328 / Microsoft Managed Control 1328
Category: Identification and Authentication
Title: Authenticator Management | Password-Based Authentication - Changed Character Count
Ownership: Customer, Microsoft
Description: The information system, for password-based authentication: Enforces at least the following number of changed characters when new passwords are created: 1 character;
Requirements: Where passwords exist, Azure enforces at least a one-character change when new passwords are created. Due to system limitations, Azure does not enforce a fifty percent (50%) change requirement in every new password. Azure implements strong password complexity, password expiration, password history, account lockout, and minimum password length to provide mitigation to the risks of not meeting this requirement. Additionally, the use of multifactor authentication via smart cards required at all authentication points provides strong security controls against credential guessing attacks. Azure considers these mitigating factors sufficient to address the incremental risk between Azure the required values for the number of changed characters.
Mode Indexed
Type Static
Preview False
Deprecated False
Effect Fixed
RBAC role(s) none
Rule aliases none
Rule resource types IF (2)
Compliance Not a Compliance control
Initiatives usage none
History none
JSON compare n/a