last sync: 2025-Jul-28 17:33:20 UTC

Audit machines with insecure password security settings

Azure BuiltIn Policy Initiative (PolicySet)

Source Azure Portal
Display nameAudit machines with insecure password security settings
Id095e4ed9-c835-4ab6-9439-b5644362a06c
Version1.1.0
Details on versioning
Versioning Versions supported for Versioning: 1
1.1.0
Built-in Versioning [Preview]
CategoryGuest Configuration
Microsoft Learn
DescriptionThis initiative deploys the policy requirements and audits machines with insecure password security settings. For more information on Guest Configuration policies, please visit https://aka.ms/gcpol
Cloud environmentsAzureCloud = true
AzureChinaCloud = unknown
AzureUSGovernment = true
Available in AzUSGovThe PolicySet is available in AzureUSGovernment cloud. Version: '1.1.0'
Repository: Azure-Policy 095e4ed9-c835-4ab6-9439-b5644362a06c
TypeBuiltIn
DeprecatedFalse
PreviewFalse
Policy-used summary
Policy types Policy states Policy categories
Total Policies: 9
Builtin Policies: 9
Static Policies: 0
GA: 9
1 categories:
Guest Configuration: 9
Policy-used
Rows: 1-9 / 9
Records:
Use the filters above each column to filter and limit table data. Advanced searches can be performed by using the following operators:
<, <=, >, >=, =, *, !, {, }, ||,&&, [empty], [nonempty], rgx:
Learn more

TableFilter v0.7.3

https://www.tablefilter.com/
©2015-2025 Max Guglielmi
?
Page of 1
Policy DisplayName Policy Id Category Version Versioning Effect Roles# Roles State policy in AzUSGov
Audit Linux machines that allow remote connections from accounts without passwords ea53dbee-c6c9-4f0e-9f9e-de0039b78023 Guest Configuration 3.1.0 2x
3.1.0, 3.0.0
Default
AuditIfNotExists
Allowed
AuditIfNotExists, Disabled
0 GA true
Audit Linux machines that do not have the passwd file permissions set to 0644 e6955644-301c-44b5-a4c4-528577de6861 Guest Configuration 3.1.0 2x
3.1.0, 3.0.0
Default
AuditIfNotExists
Allowed
AuditIfNotExists, Disabled
0 GA true
Audit Linux machines that have accounts without passwords f6ec09a3-78bf-4f8f-99dc-6c77182d0f99 Guest Configuration 3.1.0 2x
3.1.0, 3.0.0
Default
AuditIfNotExists
Allowed
AuditIfNotExists, Disabled
0 GA true
Audit Windows machines that allow re-use of the passwords after the specified number of unique passwords 5b054a0d-39e2-4d53-bea3-9734cad2c69b Guest Configuration 2.1.0 1x
2.1.0
Default
AuditIfNotExists
Allowed
AuditIfNotExists, Disabled
0 GA true
Audit Windows machines that do not have the maximum password age set to specified number of days 4ceb8dc2-559c-478b-a15b-733fbf1e3738 Guest Configuration 2.1.0 1x
2.1.0
Default
AuditIfNotExists
Allowed
AuditIfNotExists, Disabled
0 GA true
Audit Windows machines that do not have the minimum password age set to specified number of days 237b38db-ca4d-4259-9e47-7882441ca2c0 Guest Configuration 2.1.0 1x
2.1.0
Default
AuditIfNotExists
Allowed
AuditIfNotExists, Disabled
0 GA true
Audit Windows machines that do not have the password complexity setting enabled bf16e0bb-31e1-4646-8202-60a235cc7e74 Guest Configuration 2.0.0 1x
2.0.0
Default
AuditIfNotExists
Allowed
AuditIfNotExists, Disabled
0 GA true
Audit Windows machines that do not restrict the minimum password length to specified number of characters a2d0e922-65d0-40c4-8f87-ea6da2d307a2 Guest Configuration 2.1.0 1x
2.1.0
Default
AuditIfNotExists
Allowed
AuditIfNotExists, Disabled
0 GA true
Audit Windows machines that do not store passwords using reversible encryption da0f98fe-a24b-4ad5-af69-bd0400233661 Guest Configuration 2.0.0 1x
2.0.0
Default
AuditIfNotExists
Allowed
AuditIfNotExists, Disabled
0 GA true
Roles used No Roles used
History
Date/Time (UTC ymd) (i) Changes
2023-04-28 17:43:07 Version change: '1.0.0' to '1.1.0'
2020-09-09 11:24:08 add Initiative 095e4ed9-c835-4ab6-9439-b5644362a06c
JSON compare
compare mode: version left: version right:
1.0.0 → 1.1.0 RENAMED
@@ -1,11 +1,12 @@
1
  {
2
  "displayName": "Audit machines with insecure password security settings",
3
  "description": "This initiative deploys the policy requirements and audits machines with insecure password security settings. For more information on Guest Configuration policies, please visit https://aka.ms/gcpol",
4
  "metadata": {
5
- "version": "1.0.0",
6
  "category": "Guest Configuration"
7
  },
 
8
  "parameters": {
9
  "IncludeArcMachines": {
10
  "type": "String",
11
  "metadata": {
@@ -16,32 +17,73 @@
16
  "true",
17
  "false"
18
  ],
19
  "defaultValue": "false"
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
20
  }
21
  },
22
  "policyDefinitions": [
23
  {
24
  "policyDefinitionReferenceId": "AINE_MaximumPasswordAge",
25
  "policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/4ceb8dc2-559c-478b-a15b-733fbf1e3738",
 
26
  "parameters": {
27
  "IncludeArcMachines": {
28
  "value": "[parameters('IncludeArcMachines')]"
 
 
 
29
  }
30
  }
31
  },
32
  {
33
  "policyDefinitionReferenceId": "AINE_MinimumPasswordAge",
34
  "policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/237b38db-ca4d-4259-9e47-7882441ca2c0",
 
35
  "parameters": {
36
  "IncludeArcMachines": {
37
  "value": "[parameters('IncludeArcMachines')]"
 
 
 
38
  }
39
  }
40
  },
41
  {
42
  "policyDefinitionReferenceId": "AINE_PasswordMustMeetComplexityRequirements",
43
  "policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/bf16e0bb-31e1-4646-8202-60a235cc7e74",
 
44
  "parameters": {
45
  "IncludeArcMachines": {
46
  "value": "[parameters('IncludeArcMachines')]"
47
  }
@@ -49,8 +91,9 @@
49
  },
50
  {
51
  "policyDefinitionReferenceId": "AINE_StorePasswordsUsingReversibleEncryption",
52
  "policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/da0f98fe-a24b-4ad5-af69-bd0400233661",
 
53
  "parameters": {
54
  "IncludeArcMachines": {
55
  "value": "[parameters('IncludeArcMachines')]"
56
  }
@@ -58,26 +101,35 @@
58
  },
59
  {
60
  "policyDefinitionReferenceId": "AINE_EnforcePasswordHistory",
61
  "policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/5b054a0d-39e2-4d53-bea3-9734cad2c69b",
 
62
  "parameters": {
63
  "IncludeArcMachines": {
64
  "value": "[parameters('IncludeArcMachines')]"
 
 
 
65
  }
66
  }
67
  },
68
  {
69
  "policyDefinitionReferenceId": "AINE_MinimumPasswordLength",
70
  "policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/a2d0e922-65d0-40c4-8f87-ea6da2d307a2",
 
71
  "parameters": {
72
  "IncludeArcMachines": {
73
  "value": "[parameters('IncludeArcMachines')]"
 
 
 
74
  }
75
  }
76
  },
77
  {
78
  "policyDefinitionReferenceId": "AINE_PasswordPolicy_msid110",
79
  "policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/ea53dbee-c6c9-4f0e-9f9e-de0039b78023",
 
80
  "parameters": {
81
  "IncludeArcMachines": {
82
  "value": "[parameters('IncludeArcMachines')]"
83
  }
@@ -85,8 +137,9 @@
85
  },
86
  {
87
  "policyDefinitionReferenceId": "AINE_PasswordPolicy_msid121",
88
  "policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/e6955644-301c-44b5-a4c4-528577de6861",
 
89
  "parameters": {
90
  "IncludeArcMachines": {
91
  "value": "[parameters('IncludeArcMachines')]"
92
  }
@@ -94,12 +147,16 @@
94
  },
95
  {
96
  "policyDefinitionReferenceId": "AINE_PasswordPolicy_msid232",
97
  "policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/f6ec09a3-78bf-4f8f-99dc-6c77182d0f99",
 
98
  "parameters": {
99
  "IncludeArcMachines": {
100
  "value": "[parameters('IncludeArcMachines')]"
101
  }
102
  }
103
  }
 
 
 
104
  ]
105
  }
 
1
  {
2
  "displayName": "Audit machines with insecure password security settings",
3
  "description": "This initiative deploys the policy requirements and audits machines with insecure password security settings. For more information on Guest Configuration policies, please visit https://aka.ms/gcpol",
4
  "metadata": {
5
+ "version": "1.1.0",
6
  "category": "Guest Configuration"
7
  },
8
+ "version": "1.1.0",
9
  "parameters": {
10
  "IncludeArcMachines": {
11
  "type": "String",
12
  "metadata": {
 
17
  "true",
18
  "false"
19
  ],
20
  "defaultValue": "false"
21
+ },
22
+ "MaximumPasswordAge": {
23
+ "type": "String",
24
+ "metadata": {
25
+ "displayName": "Maximum password age",
26
+ "description": "The Maximum password age setting determines the period of time (in days) that a password can be used before the system requires the user to change it."
27
+ },
28
+ "defaultValue": "70"
29
+ },
30
+ "MinimumPasswordAge": {
31
+ "type": "String",
32
+ "metadata": {
33
+ "displayName": "Minimum password age",
34
+ "description": "The Minimum password age setting determines the period of time (in days) that a password must be used before the user can change it."
35
+ },
36
+ "defaultValue": "1"
37
+ },
38
+ "EnforcePasswordHistory": {
39
+ "type": "String",
40
+ "metadata": {
41
+ "displayName": "Enforce password history",
42
+ "description": "The Enforce password history setting determines the number of unique new passwords that must be associated with a user account before an old password can be reused."
43
+ },
44
+ "defaultValue": "24"
45
+ },
46
+ "MinimumPasswordLength": {
47
+ "type": "String",
48
+ "metadata": {
49
+ "displayName": "Minimum password length",
50
+ "description": "The Minimum password length setting determines the least number of characters that can make up a password for a user account."
51
+ },
52
+ "defaultValue": "14"
53
  }
54
  },
55
  "policyDefinitions": [
56
  {
57
  "policyDefinitionReferenceId": "AINE_MaximumPasswordAge",
58
  "policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/4ceb8dc2-559c-478b-a15b-733fbf1e3738",
59
+ "definitionVersion": "2.*.*",
60
  "parameters": {
61
  "IncludeArcMachines": {
62
  "value": "[parameters('IncludeArcMachines')]"
63
+ },
64
+ "MaximumPasswordAge": {
65
+ "value": "[parameters('MaximumPasswordAge')]"
66
  }
67
  }
68
  },
69
  {
70
  "policyDefinitionReferenceId": "AINE_MinimumPasswordAge",
71
  "policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/237b38db-ca4d-4259-9e47-7882441ca2c0",
72
+ "definitionVersion": "2.*.*",
73
  "parameters": {
74
  "IncludeArcMachines": {
75
  "value": "[parameters('IncludeArcMachines')]"
76
+ },
77
+ "MinimumPasswordAge": {
78
+ "value": "[parameters('MinimumPasswordAge')]"
79
  }
80
  }
81
  },
82
  {
83
  "policyDefinitionReferenceId": "AINE_PasswordMustMeetComplexityRequirements",
84
  "policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/bf16e0bb-31e1-4646-8202-60a235cc7e74",
85
+ "definitionVersion": "2.*.*",
86
  "parameters": {
87
  "IncludeArcMachines": {
88
  "value": "[parameters('IncludeArcMachines')]"
89
  }
 
91
  },
92
  {
93
  "policyDefinitionReferenceId": "AINE_StorePasswordsUsingReversibleEncryption",
94
  "policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/da0f98fe-a24b-4ad5-af69-bd0400233661",
95
+ "definitionVersion": "2.*.*",
96
  "parameters": {
97
  "IncludeArcMachines": {
98
  "value": "[parameters('IncludeArcMachines')]"
99
  }
 
101
  },
102
  {
103
  "policyDefinitionReferenceId": "AINE_EnforcePasswordHistory",
104
  "policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/5b054a0d-39e2-4d53-bea3-9734cad2c69b",
105
+ "definitionVersion": "2.*.*",
106
  "parameters": {
107
  "IncludeArcMachines": {
108
  "value": "[parameters('IncludeArcMachines')]"
109
+ },
110
+ "EnforcePasswordHistory": {
111
+ "value": "[parameters('EnforcePasswordHistory')]"
112
  }
113
  }
114
  },
115
  {
116
  "policyDefinitionReferenceId": "AINE_MinimumPasswordLength",
117
  "policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/a2d0e922-65d0-40c4-8f87-ea6da2d307a2",
118
+ "definitionVersion": "2.*.*",
119
  "parameters": {
120
  "IncludeArcMachines": {
121
  "value": "[parameters('IncludeArcMachines')]"
122
+ },
123
+ "MinimumPasswordLength": {
124
+ "value": "[parameters('MinimumPasswordLength')]"
125
  }
126
  }
127
  },
128
  {
129
  "policyDefinitionReferenceId": "AINE_PasswordPolicy_msid110",
130
  "policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/ea53dbee-c6c9-4f0e-9f9e-de0039b78023",
131
+ "definitionVersion": "3.*.*",
132
  "parameters": {
133
  "IncludeArcMachines": {
134
  "value": "[parameters('IncludeArcMachines')]"
135
  }
 
137
  },
138
  {
139
  "policyDefinitionReferenceId": "AINE_PasswordPolicy_msid121",
140
  "policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/e6955644-301c-44b5-a4c4-528577de6861",
141
+ "definitionVersion": "3.*.*",
142
  "parameters": {
143
  "IncludeArcMachines": {
144
  "value": "[parameters('IncludeArcMachines')]"
145
  }
 
147
  },
148
  {
149
  "policyDefinitionReferenceId": "AINE_PasswordPolicy_msid232",
150
  "policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/f6ec09a3-78bf-4f8f-99dc-6c77182d0f99",
151
+ "definitionVersion": "3.*.*",
152
  "parameters": {
153
  "IncludeArcMachines": {
154
  "value": "[parameters('IncludeArcMachines')]"
155
  }
156
  }
157
  }
158
+ ],
159
+ "versions": [
160
+ "1.1.0"
161
  ]
162
  }
JSON
api-version=2023-04-01
EPAC
{8 items}