|
|
1
|
{
|
2
|
"displayName": "Audit machines with insecure password security settings",
|
3
|
"description": "This initiative deploys the policy requirements and audits machines with insecure password security settings. For more information on Guest Configuration policies, please visit https://aka.ms/gcpol",
|
4
|
"metadata": {
|
5
|
+
"version": "1.1.0",
|
6
|
"category": "Guest Configuration"
|
7
|
},
|
8
|
+
"version": "1.1.0",
|
9
|
"parameters": {
|
10
|
"IncludeArcMachines": {
|
11
|
"type": "String",
|
12
|
"metadata": {
|
|
|
17
|
"true",
|
18
|
"false"
|
19
|
],
|
20
|
"defaultValue": "false"
|
21
|
+
},
|
22
|
+
"MaximumPasswordAge": {
|
23
|
+
"type": "String",
|
24
|
+
"metadata": {
|
25
|
+
"displayName": "Maximum password age",
|
26
|
+
"description": "The Maximum password age setting determines the period of time (in days) that a password can be used before the system requires the user to change it."
|
27
|
+
},
|
28
|
+
"defaultValue": "70"
|
29
|
+
},
|
30
|
+
"MinimumPasswordAge": {
|
31
|
+
"type": "String",
|
32
|
+
"metadata": {
|
33
|
+
"displayName": "Minimum password age",
|
34
|
+
"description": "The Minimum password age setting determines the period of time (in days) that a password must be used before the user can change it."
|
35
|
+
},
|
36
|
+
"defaultValue": "1"
|
37
|
+
},
|
38
|
+
"EnforcePasswordHistory": {
|
39
|
+
"type": "String",
|
40
|
+
"metadata": {
|
41
|
+
"displayName": "Enforce password history",
|
42
|
+
"description": "The Enforce password history setting determines the number of unique new passwords that must be associated with a user account before an old password can be reused."
|
43
|
+
},
|
44
|
+
"defaultValue": "24"
|
45
|
+
},
|
46
|
+
"MinimumPasswordLength": {
|
47
|
+
"type": "String",
|
48
|
+
"metadata": {
|
49
|
+
"displayName": "Minimum password length",
|
50
|
+
"description": "The Minimum password length setting determines the least number of characters that can make up a password for a user account."
|
51
|
+
},
|
52
|
+
"defaultValue": "14"
|
53
|
}
|
54
|
},
|
55
|
"policyDefinitions": [
|
56
|
{
|
57
|
"policyDefinitionReferenceId": "AINE_MaximumPasswordAge",
|
58
|
"policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/4ceb8dc2-559c-478b-a15b-733fbf1e3738",
|
59
|
+
"definitionVersion": "2.*.*",
|
60
|
"parameters": {
|
61
|
"IncludeArcMachines": {
|
62
|
"value": "[parameters('IncludeArcMachines')]"
|
63
|
+
},
|
64
|
+
"MaximumPasswordAge": {
|
65
|
+
"value": "[parameters('MaximumPasswordAge')]"
|
66
|
}
|
67
|
}
|
68
|
},
|
69
|
{
|
70
|
"policyDefinitionReferenceId": "AINE_MinimumPasswordAge",
|
71
|
"policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/237b38db-ca4d-4259-9e47-7882441ca2c0",
|
72
|
+
"definitionVersion": "2.*.*",
|
73
|
"parameters": {
|
74
|
"IncludeArcMachines": {
|
75
|
"value": "[parameters('IncludeArcMachines')]"
|
76
|
+
},
|
77
|
+
"MinimumPasswordAge": {
|
78
|
+
"value": "[parameters('MinimumPasswordAge')]"
|
79
|
}
|
80
|
}
|
81
|
},
|
82
|
{
|
83
|
"policyDefinitionReferenceId": "AINE_PasswordMustMeetComplexityRequirements",
|
84
|
"policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/bf16e0bb-31e1-4646-8202-60a235cc7e74",
|
85
|
+
"definitionVersion": "2.*.*",
|
86
|
"parameters": {
|
87
|
"IncludeArcMachines": {
|
88
|
"value": "[parameters('IncludeArcMachines')]"
|
89
|
}
|
|
|
91
|
},
|
92
|
{
|
93
|
"policyDefinitionReferenceId": "AINE_StorePasswordsUsingReversibleEncryption",
|
94
|
"policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/da0f98fe-a24b-4ad5-af69-bd0400233661",
|
95
|
+
"definitionVersion": "2.*.*",
|
96
|
"parameters": {
|
97
|
"IncludeArcMachines": {
|
98
|
"value": "[parameters('IncludeArcMachines')]"
|
99
|
}
|
|
|
101
|
},
|
102
|
{
|
103
|
"policyDefinitionReferenceId": "AINE_EnforcePasswordHistory",
|
104
|
"policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/5b054a0d-39e2-4d53-bea3-9734cad2c69b",
|
105
|
+
"definitionVersion": "2.*.*",
|
106
|
"parameters": {
|
107
|
"IncludeArcMachines": {
|
108
|
"value": "[parameters('IncludeArcMachines')]"
|
109
|
+
},
|
110
|
+
"EnforcePasswordHistory": {
|
111
|
+
"value": "[parameters('EnforcePasswordHistory')]"
|
112
|
}
|
113
|
}
|
114
|
},
|
115
|
{
|
116
|
"policyDefinitionReferenceId": "AINE_MinimumPasswordLength",
|
117
|
"policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/a2d0e922-65d0-40c4-8f87-ea6da2d307a2",
|
118
|
+
"definitionVersion": "2.*.*",
|
119
|
"parameters": {
|
120
|
"IncludeArcMachines": {
|
121
|
"value": "[parameters('IncludeArcMachines')]"
|
122
|
+
},
|
123
|
+
"MinimumPasswordLength": {
|
124
|
+
"value": "[parameters('MinimumPasswordLength')]"
|
125
|
}
|
126
|
}
|
127
|
},
|
128
|
{
|
129
|
"policyDefinitionReferenceId": "AINE_PasswordPolicy_msid110",
|
130
|
"policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/ea53dbee-c6c9-4f0e-9f9e-de0039b78023",
|
131
|
+
"definitionVersion": "3.*.*",
|
132
|
"parameters": {
|
133
|
"IncludeArcMachines": {
|
134
|
"value": "[parameters('IncludeArcMachines')]"
|
135
|
}
|
|
|
137
|
},
|
138
|
{
|
139
|
"policyDefinitionReferenceId": "AINE_PasswordPolicy_msid121",
|
140
|
"policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/e6955644-301c-44b5-a4c4-528577de6861",
|
141
|
+
"definitionVersion": "3.*.*",
|
142
|
"parameters": {
|
143
|
"IncludeArcMachines": {
|
144
|
"value": "[parameters('IncludeArcMachines')]"
|
145
|
}
|
|
|
147
|
},
|
148
|
{
|
149
|
"policyDefinitionReferenceId": "AINE_PasswordPolicy_msid232",
|
150
|
"policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/f6ec09a3-78bf-4f8f-99dc-6c77182d0f99",
|
151
|
+
"definitionVersion": "3.*.*",
|
152
|
"parameters": {
|
153
|
"IncludeArcMachines": {
|
154
|
"value": "[parameters('IncludeArcMachines')]"
|
155
|
}
|
156
|
}
|
157
|
}
|
158
|
+
],
|
159
|
+
"versions": [
|
160
|
+
"1.1.0"
|
161
|
]
|
162
|
}
|
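Review bot: The four new initiative parameters (`MaximumPasswordAge`, `MinimumPasswordAge`, `EnforcePasswordHistory`, `MinimumPasswordLength`) are free-form `String` values with no `allowedValues` and no stated range. An assignment can therefore pass, for example, `"1"` for `MinimumPasswordLength`, and machines would presumably be evaluated, and possibly reported compliant, against that weakened threshold. The referenced definitions are not visible on this page, so whether they validate the value cannot be confirmed here. At minimum each `description` should state the accepted format and that the default is the intended baseline, e.g. append `Default: 14. Lower values weaken the audit.` to the `MinimumPasswordLength` description. Separately, the version string now lives in `metadata.version`, the top-level `version` and the `versions` array, and all three must be kept in step on every bump.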