last sync: 2020-Sep-24 14:01:31 UTC

Azure Policy Initiative

Audit machines with insecure password security settings

Initiative DisplayName Audit machines with insecure password security settings
Initiative Id 095e4ed9-c835-4ab6-9439-b5644362a06c
Initiative Category Guest Configuration
Initiative Description This initiative deploys the policy requirements and audits machines with insecure password security settings. For more information on Guest Configuration policies, please visit https://aka.ms/gcpol
Initiative Type BuiltIn
Initiative Changes
Date/Time (UTC ymd) (i) Change(s)
2020-09-09 11:24:08 add Initiative 095e4ed9-c835-4ab6-9439-b5644362a06c
Initiative Policies count Total Policies: 9
Builtin Policies: 9/9
Static Policies: 0/9
Initiative Policies
Policy DisplayName Policy Id
Audit Linux machines that do not have the passwd file permissions set to 0644 e6955644-301c-44b5-a4c4-528577de6861
Audit Windows machines that do not have a minimum password age of 1 day 237b38db-ca4d-4259-9e47-7882441ca2c0
Audit Windows machines that allow re-use of the previous 24 passwords 5b054a0d-39e2-4d53-bea3-9734cad2c69b
Audit Windows machines that do not restrict the minimum password length to 14 characters a2d0e922-65d0-40c4-8f87-ea6da2d307a2
Audit Linux machines that allow remote connections from accounts without passwords ea53dbee-c6c9-4f0e-9f9e-de0039b78023
Audit Windows machines that do not store passwords using reversible encryption da0f98fe-a24b-4ad5-af69-bd0400233661
Audit Windows machines that do not have a maximum password age of 70 days 4ceb8dc2-559c-478b-a15b-733fbf1e3738
Audit Windows machines that do not have the password complexity setting enabled bf16e0bb-31e1-4646-8202-60a235cc7e74
Audit Linux machines that have accounts without passwords f6ec09a3-78bf-4f8f-99dc-6c77182d0f99
Initiative Rule
{
  "properties": {
    "displayName": "Audit machines with insecure password security settings",
    "policyType": "BuiltIn",
    "description": "This initiative deploys the policy requirements and audits machines with insecure password security settings. For more information on Guest Configuration policies, please visit https://aka.ms/gcpol",
    "metadata": {
      "version": "1.0.0",
      "category": "Guest Configuration"
    },
    "parameters": {
      "IncludeArcMachines": {
        "type": "String",
        "metadata": {
          "displayName": "Include Arc connected servers",
          "description": "By selecting this option, you agree to be charged monthly per Arc connected machine."
        },
        "allowedValues": [
          "true",
          "false"
        ],
        "defaultValue": "false"
      }
    },
    "policyDefinitions": [
      {
        "policyDefinitionReferenceId": "AINE_MaximumPasswordAge",
        "policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/4ceb8dc2-559c-478b-a15b-733fbf1e3738",
        "parameters": {
          "IncludeArcMachines": {
          "value": "[parameters('IncludeArcMachines')]"
          }
        }
      },
      {
        "policyDefinitionReferenceId": "AINE_MinimumPasswordAge",
        "policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/237b38db-ca4d-4259-9e47-7882441ca2c0",
        "parameters": {
          "IncludeArcMachines": {
          "value": "[parameters('IncludeArcMachines')]"
          }
        }
      },
      {
        "policyDefinitionReferenceId": "AINE_PasswordMustMeetComplexityRequirements",
        "policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/bf16e0bb-31e1-4646-8202-60a235cc7e74",
        "parameters": {
          "IncludeArcMachines": {
          "value": "[parameters('IncludeArcMachines')]"
          }
        }
      },
      {
        "policyDefinitionReferenceId": "AINE_StorePasswordsUsingReversibleEncryption",
        "policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/da0f98fe-a24b-4ad5-af69-bd0400233661",
        "parameters": {
          "IncludeArcMachines": {
          "value": "[parameters('IncludeArcMachines')]"
          }
        }
      },
      {
        "policyDefinitionReferenceId": "AINE_EnforcePasswordHistory",
        "policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/5b054a0d-39e2-4d53-bea3-9734cad2c69b",
        "parameters": {
          "IncludeArcMachines": {
          "value": "[parameters('IncludeArcMachines')]"
          }
        }
      },
      {
        "policyDefinitionReferenceId": "AINE_MinimumPasswordLength",
        "policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/a2d0e922-65d0-40c4-8f87-ea6da2d307a2",
        "parameters": {
          "IncludeArcMachines": {
          "value": "[parameters('IncludeArcMachines')]"
          }
        }
      },
      {
        "policyDefinitionReferenceId": "AINE_PasswordPolicy_msid110",
        "policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/ea53dbee-c6c9-4f0e-9f9e-de0039b78023",
        "parameters": {
          "IncludeArcMachines": {
          "value": "[parameters('IncludeArcMachines')]"
          }
        }
      },
      {
        "policyDefinitionReferenceId": "AINE_PasswordPolicy_msid121",
        "policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/e6955644-301c-44b5-a4c4-528577de6861",
        "parameters": {
          "IncludeArcMachines": {
          "value": "[parameters('IncludeArcMachines')]"
          }
        }
      },
      {
        "policyDefinitionReferenceId": "AINE_PasswordPolicy_msid232",
        "policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/f6ec09a3-78bf-4f8f-99dc-6c77182d0f99",
        "parameters": {
          "IncludeArcMachines": {
          "value": "[parameters('IncludeArcMachines')]"
          }
        }
      }
    ]
  },
  "id": "/providers/Microsoft.Authorization/policySetDefinitions/095e4ed9-c835-4ab6-9439-b5644362a06c",
  "type": "Microsoft.Authorization/policySetDefinitions",
  "name": "095e4ed9-c835-4ab6-9439-b5644362a06c"
}