AzInitiativeAdvertizer

last sync: 2021-Sep-17 15:46:38 UTC

Azure Policy Initiative

Audit machines with insecure password security settings

NameAudit machines with insecure password security settings
Azure Portal
Id095e4ed9-c835-4ab6-9439-b5644362a06c
Version1.0.0
details on versioning
CategoryGuest Configuration
Microsoft docs
DescriptionThis initiative deploys the policy requirements and audits machines with insecure password security settings. For more information on Guest Configuration policies, please visit https://aka.ms/gcpol
TypeBuiltIn
DeprecatedFalse
PreviewFalse
History
Date/Time (UTC ymd) (i) Changes
2020-09-09 11:24:08 add Initiative 095e4ed9-c835-4ab6-9439-b5644362a06c
Policy count Total Policies: 9
Builtin Policies: 9
Static Policies: 0
Policy used
Policy DisplayName Policy Id Category Effect State
Audit Linux machines that allow remote connections from accounts without passwords ea53dbee-c6c9-4f0e-9f9e-de0039b78023 Guest Configuration Default: AuditIfNotExists
Allowed: (AuditIfNotExists, Disabled)		 GA
Audit Linux machines that do not have the passwd file permissions set to 0644 e6955644-301c-44b5-a4c4-528577de6861 Guest Configuration Default: AuditIfNotExists
Allowed: (AuditIfNotExists, Disabled)		 GA
Audit Linux machines that have accounts without passwords f6ec09a3-78bf-4f8f-99dc-6c77182d0f99 Guest Configuration Default: AuditIfNotExists
Allowed: (AuditIfNotExists, Disabled)		 GA
Audit Windows machines that allow re-use of the previous 24 passwords 5b054a0d-39e2-4d53-bea3-9734cad2c69b Guest Configuration Default: AuditIfNotExists
Allowed: (AuditIfNotExists, Disabled)		 GA
Audit Windows machines that do not have a maximum password age of 70 days 4ceb8dc2-559c-478b-a15b-733fbf1e3738 Guest Configuration Default: AuditIfNotExists
Allowed: (AuditIfNotExists, Disabled)		 GA
Audit Windows machines that do not have a minimum password age of 1 day 237b38db-ca4d-4259-9e47-7882441ca2c0 Guest Configuration Default: AuditIfNotExists
Allowed: (AuditIfNotExists, Disabled)		 GA
Audit Windows machines that do not have the password complexity setting enabled bf16e0bb-31e1-4646-8202-60a235cc7e74 Guest Configuration Default: AuditIfNotExists
Allowed: (AuditIfNotExists, Disabled)		 GA
Audit Windows machines that do not restrict the minimum password length to 14 characters a2d0e922-65d0-40c4-8f87-ea6da2d307a2 Guest Configuration Default: AuditIfNotExists
Allowed: (AuditIfNotExists, Disabled)		 GA
Audit Windows machines that do not store passwords using reversible encryption da0f98fe-a24b-4ad5-af69-bd0400233661 Guest Configuration Default: AuditIfNotExists
Allowed: (AuditIfNotExists, Disabled)		 GA
JSON 
{
  "displayName": "Audit machines with insecure password security settings",
  "policyType": "BuiltIn",
  "description": "This initiative deploys the policy requirements and audits machines with insecure password security settings. For more information on Guest Configuration policies, please visit https://aka.ms/gcpol",
  "metadata": {
    "version": "1.0.0",
    "category": "Guest Configuration"
  },
  "parameters": {
    "IncludeArcMachines": {
      "type": "String",
      "metadata": {
        "displayName": "Include Arc connected servers",
        "description": "By selecting this option, you agree to be charged monthly per Arc connected machine."
      },
      "allowedValues": [
        "true",
        "false"
      ],
      "defaultValue": "false"
    }
  },
  "policyDefinitions": [
    {
      "policyDefinitionReferenceId": "AINE_MaximumPasswordAge",
      "policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/4ceb8dc2-559c-478b-a15b-733fbf1e3738",
      "parameters": {
        "IncludeArcMachines": {
          "value": "[parameters('IncludeArcMachines')]"
        }
      }
    },
    {
      "policyDefinitionReferenceId": "AINE_MinimumPasswordAge",
      "policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/237b38db-ca4d-4259-9e47-7882441ca2c0",
      "parameters": {
        "IncludeArcMachines": {
          "value": "[parameters('IncludeArcMachines')]"
        }
      }
    },
    {
      "policyDefinitionReferenceId": "AINE_PasswordMustMeetComplexityRequirements",
      "policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/bf16e0bb-31e1-4646-8202-60a235cc7e74",
      "parameters": {
        "IncludeArcMachines": {
          "value": "[parameters('IncludeArcMachines')]"
        }
      }
    },
    {
      "policyDefinitionReferenceId": "AINE_StorePasswordsUsingReversibleEncryption",
      "policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/da0f98fe-a24b-4ad5-af69-bd0400233661",
      "parameters": {
        "IncludeArcMachines": {
          "value": "[parameters('IncludeArcMachines')]"
        }
      }
    },
    {
      "policyDefinitionReferenceId": "AINE_EnforcePasswordHistory",
      "policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/5b054a0d-39e2-4d53-bea3-9734cad2c69b",
      "parameters": {
        "IncludeArcMachines": {
          "value": "[parameters('IncludeArcMachines')]"
        }
      }
    },
    {
      "policyDefinitionReferenceId": "AINE_MinimumPasswordLength",
      "policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/a2d0e922-65d0-40c4-8f87-ea6da2d307a2",
      "parameters": {
        "IncludeArcMachines": {
          "value": "[parameters('IncludeArcMachines')]"
        }
      }
    },
    {
      "policyDefinitionReferenceId": "AINE_PasswordPolicy_msid110",
      "policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/ea53dbee-c6c9-4f0e-9f9e-de0039b78023",
      "parameters": {
        "IncludeArcMachines": {
          "value": "[parameters('IncludeArcMachines')]"
        }
      }
    },
    {
      "policyDefinitionReferenceId": "AINE_PasswordPolicy_msid121",
      "policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/e6955644-301c-44b5-a4c4-528577de6861",
      "parameters": {
        "IncludeArcMachines": {
          "value": "[parameters('IncludeArcMachines')]"
        }
      }
    },
    {
      "policyDefinitionReferenceId": "AINE_PasswordPolicy_msid232",
      "policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/f6ec09a3-78bf-4f8f-99dc-6c77182d0f99",
      "parameters": {
        "IncludeArcMachines": {
          "value": "[parameters('IncludeArcMachines')]"
        }
      }
    }
  ]
}