last sync: 2020-Jul-13 14:14:31 UTC

Azure Policy Initiative

Audit VMs with insecure password security settings

Initiative DisplayName Audit VMs with insecure password security settings
Initiative Id 3fa7cbf5-c0a4-4a59-85a5-cca4d996d5a6
Initiative Category Guest Configuration
Initiative Description This initiative deploys the policy requirements and audits virtual machines with insecure password security settings. For more information on Guest Configuration policies, please visit https://aka.ms/gcpol
Initiative Type BuiltIn
Initiative Changes
Date/Time (UTC ymd) (i) Change(s)
2020-06-11 19:46:04 change DisplayName Name change: '[Preview]: Audit VMs with insecure password security settings' to 'Audit VMs with insecure password security settings'
Initiative Policies count Total Policies: 18
Builtin Policies: 18/18
Static Policies: 0/18
Initiative Policies
Policy DisplayName Policy Id
Show audit results from Linux VMs that do not have the passwd file permissions set to 0644 b18175dd-c599-4c64-83ba-bb018a06d35b
Show audit results from Windows VMs that do not store passwords using reversible encryption 2d60d3b7-aa10-454c-88a8-de39d99d17c6
Show audit results from Linux VMs that have accounts without passwords c40c9087-1981-4e73-9f53-39743eda9d05
Show audit results from Windows VMs that do not have a maximum password age of 70 days 24dde96d-f0b1-425e-884f-4a1421e2dcdc
Deploy prerequisites to audit Windows VMs that do not have a minimum password age of 1 day 16390df4-2f73-4b42-af13-c801066763df
Deploy prerequisites to audit Linux VMs that have accounts without passwords 3470477a-b35a-49db-aca5-1073d04524fe
Deploy prerequisites to audit Windows VMs that allow re-use of the previous 24 passwords 726671ac-c4de-4908-8c7d-6043ae62e3b6
Show audit results from Windows VMs that do not have the password complexity setting enabled f48b2913-1dc5-4834-8c72-ccc1dfd819bb
Deploy prerequisites to audit Windows VMs that do not have the password complexity setting enabled 7ed40801-8a0f-4ceb-85c0-9fd25c1d61a8
Deploy prerequisites to audit Windows VMs that do not restrict the minimum password length to 14 characters 23020aa6-1135-4be2-bae2-149982b06eca
Deploy prerequisites to audit Windows VMs that do not store passwords using reversible encryption 8ff0b18b-262e-4512-857a-48ad0aeb9a78
Show audit results from Windows VMs that do not have a minimum password age of 1 day 5aa11bbc-5c76-4302-80e5-aba46a4282e7
Deploy prerequisites to audit Linux VMs that do not have the passwd file permissions set to 0644 f19aa1c1-6b91-4c27-ae6a-970279f03db9
Show audit results from Linux VMs that allow remote connections from accounts without passwords 2d67222d-05fd-4526-a171-2ee132ad9e83
Show audit results from Windows VMs that allow re-use of the previous 24 passwords cdbf72d9-ac9c-4026-8a3a-491a5ac59293
Deploy prerequisites to audit Windows VMs that do not have a maximum password age of 70 days 356a906e-05e5-4625-8729-90771e0ee934
Deploy prerequisites to audit Linux VMs that allow remote connections from accounts without passwords ec49586f-4939-402d-a29e-6ff502b20592
Show audit results from Windows VMs that do not restrict the minimum password length to 14 characters 5aebc8d1-020d-4037-89a0-02043a7524ec
Initiative Rule
{
  "properties": {
    "displayName": "Audit VMs with insecure password security settings",
    "policyType": "BuiltIn",
    "description": "This initiative deploys the policy requirements and audits virtual machines with insecure password security settings. For more information on Guest Configuration policies, please visit https://aka.ms/gcpol",
    "metadata": {
      "version": "1.1.0",
      "category": "Guest Configuration"
    },
    "policyDefinitions": [
      {
        "policyDefinitionReferenceId": "Deploy_MaximumPasswordAge",
        "policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/356a906e-05e5-4625-8729-90771e0ee934"
      },
      {
        "policyDefinitionReferenceId": "Deploy_MinimumPasswordAge",
        "policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/16390df4-2f73-4b42-af13-c801066763df"
      },
      {
        "policyDefinitionReferenceId": "Deploy_PasswordMustMeetComplexityRequirements",
        "policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/7ed40801-8a0f-4ceb-85c0-9fd25c1d61a8"
      },
      {
        "policyDefinitionReferenceId": "Deploy_StorePasswordsUsingReversibleEncryption",
        "policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/8ff0b18b-262e-4512-857a-48ad0aeb9a78"
      },
      {
        "policyDefinitionReferenceId": "Deploy_EnforcePasswordHistory",
        "policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/726671ac-c4de-4908-8c7d-6043ae62e3b6"
      },
      {
        "policyDefinitionReferenceId": "Deploy_MinimumPasswordLength",
        "policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/23020aa6-1135-4be2-bae2-149982b06eca"
      },
      {
        "policyDefinitionReferenceId": "Deploy_PasswordPolicy_msid110",
        "policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/ec49586f-4939-402d-a29e-6ff502b20592"
      },
      {
        "policyDefinitionReferenceId": "Deploy_PasswordPolicy_msid121",
        "policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/f19aa1c1-6b91-4c27-ae6a-970279f03db9"
      },
      {
        "policyDefinitionReferenceId": "Deploy_PasswordPolicy_msid232",
        "policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/3470477a-b35a-49db-aca5-1073d04524fe"
      },
      {
        "policyDefinitionReferenceId": "Audit_MaximumPasswordAge",
        "policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/24dde96d-f0b1-425e-884f-4a1421e2dcdc"
      },
      {
        "policyDefinitionReferenceId": "Audit_MinimumPasswordAge",
        "policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/5aa11bbc-5c76-4302-80e5-aba46a4282e7"
      },
      {
        "policyDefinitionReferenceId": "Audit_PasswordMustMeetComplexityRequirements",
        "policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/f48b2913-1dc5-4834-8c72-ccc1dfd819bb"
      },
      {
        "policyDefinitionReferenceId": "Audit_StorePasswordsUsingReversibleEncryption",
        "policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/2d60d3b7-aa10-454c-88a8-de39d99d17c6"
      },
      {
        "policyDefinitionReferenceId": "Audit_EnforcePasswordHistory",
        "policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/cdbf72d9-ac9c-4026-8a3a-491a5ac59293"
      },
      {
        "policyDefinitionReferenceId": "Audit_MinimumPasswordLength",
        "policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/5aebc8d1-020d-4037-89a0-02043a7524ec"
      },
      {
        "policyDefinitionReferenceId": "Audit_PasswordPolicy_msid110",
        "policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/2d67222d-05fd-4526-a171-2ee132ad9e83"
      },
      {
        "policyDefinitionReferenceId": "Audit_PasswordPolicy_msid121",
        "policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/b18175dd-c599-4c64-83ba-bb018a06d35b"
      },
      {
        "policyDefinitionReferenceId": "Audit_PasswordPolicy_msid232",
        "policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/c40c9087-1981-4e73-9f53-39743eda9d05"
      }
    ]
  },
  "id": "/providers/Microsoft.Authorization/policySetDefinitions/3fa7cbf5-c0a4-4a59-85a5-cca4d996d5a6",
  "type": "Microsoft.Authorization/policySetDefinitions",
  "name": "3fa7cbf5-c0a4-4a59-85a5-cca4d996d5a6"
}