AzInitiativeAdvertizer

last sync: 2020-Jul-13 14:14:31 UTC

Azure Policy Initiative

Audit VMs with insecure password security settings

Initiative DisplayName Audit VMs with insecure password security settings

Initiative Id 3fa7cbf5-c0a4-4a59-85a5-cca4d996d5a6

Initiative Category Guest Configuration

Initiative Description This initiative deploys the policy requirements and audits virtual machines with insecure password security settings. For more information on Guest Configuration policies, please visit https://aka.ms/gcpol

Initiative Type BuiltIn

Initiative Changes

Date/Time (UTC ymd) (i)	Change(s)
2020-06-11 19:46:04	change DisplayName Name change: '[Preview]: Audit VMs with insecure password security settings' to 'Audit VMs with insecure password security settings'

Initiative Policies count Total Policies: 18
Builtin Policies: 18/18
Static Policies: 0/18

Initiative Policies

Policy DisplayName	Policy Id
Show audit results from Linux VMs that do not have the passwd file permissions set to 0644	b18175dd-c599-4c64-83ba-bb018a06d35b
Show audit results from Windows VMs that do not store passwords using reversible encryption	2d60d3b7-aa10-454c-88a8-de39d99d17c6
Show audit results from Linux VMs that have accounts without passwords	c40c9087-1981-4e73-9f53-39743eda9d05
Show audit results from Windows VMs that do not have a maximum password age of 70 days	24dde96d-f0b1-425e-884f-4a1421e2dcdc
Deploy prerequisites to audit Windows VMs that do not have a minimum password age of 1 day	16390df4-2f73-4b42-af13-c801066763df
Deploy prerequisites to audit Linux VMs that have accounts without passwords	3470477a-b35a-49db-aca5-1073d04524fe
Deploy prerequisites to audit Windows VMs that allow re-use of the previous 24 passwords	726671ac-c4de-4908-8c7d-6043ae62e3b6
Show audit results from Windows VMs that do not have the password complexity setting enabled	f48b2913-1dc5-4834-8c72-ccc1dfd819bb
Deploy prerequisites to audit Windows VMs that do not have the password complexity setting enabled	7ed40801-8a0f-4ceb-85c0-9fd25c1d61a8
Deploy prerequisites to audit Windows VMs that do not restrict the minimum password length to 14 characters	23020aa6-1135-4be2-bae2-149982b06eca
Deploy prerequisites to audit Windows VMs that do not store passwords using reversible encryption	8ff0b18b-262e-4512-857a-48ad0aeb9a78
Show audit results from Windows VMs that do not have a minimum password age of 1 day	5aa11bbc-5c76-4302-80e5-aba46a4282e7
Deploy prerequisites to audit Linux VMs that do not have the passwd file permissions set to 0644	f19aa1c1-6b91-4c27-ae6a-970279f03db9
Show audit results from Linux VMs that allow remote connections from accounts without passwords	2d67222d-05fd-4526-a171-2ee132ad9e83
Show audit results from Windows VMs that allow re-use of the previous 24 passwords	cdbf72d9-ac9c-4026-8a3a-491a5ac59293
Deploy prerequisites to audit Windows VMs that do not have a maximum password age of 70 days	356a906e-05e5-4625-8729-90771e0ee934
Deploy prerequisites to audit Linux VMs that allow remote connections from accounts without passwords	ec49586f-4939-402d-a29e-6ff502b20592
Show audit results from Windows VMs that do not restrict the minimum password length to 14 characters	5aebc8d1-020d-4037-89a0-02043a7524ec

Initiative Rule

{
  "properties": {
    "displayName": "Audit VMs with insecure password security settings",
    "policyType": "BuiltIn",
    "description": "This initiative deploys the policy requirements and audits virtual machines with insecure password security settings. For more information on Guest Configuration policies, please visit https://aka.ms/gcpol",
    "metadata": {
      "version": "1.1.0",
      "category": "Guest Configuration"
    },
    "policyDefinitions": [
      {
        "policyDefinitionReferenceId": "Deploy_MaximumPasswordAge",
        "policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/356a906e-05e5-4625-8729-90771e0ee934"
      },
      {
        "policyDefinitionReferenceId": "Deploy_MinimumPasswordAge",
        "policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/16390df4-2f73-4b42-af13-c801066763df"
      },
      {
        "policyDefinitionReferenceId": "Deploy_PasswordMustMeetComplexityRequirements",
        "policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/7ed40801-8a0f-4ceb-85c0-9fd25c1d61a8"
      },
      {
        "policyDefinitionReferenceId": "Deploy_StorePasswordsUsingReversibleEncryption",
        "policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/8ff0b18b-262e-4512-857a-48ad0aeb9a78"
      },
      {
        "policyDefinitionReferenceId": "Deploy_EnforcePasswordHistory",
        "policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/726671ac-c4de-4908-8c7d-6043ae62e3b6"
      },
      {
        "policyDefinitionReferenceId": "Deploy_MinimumPasswordLength",
        "policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/23020aa6-1135-4be2-bae2-149982b06eca"
      },
      {
        "policyDefinitionReferenceId": "Deploy_PasswordPolicy_msid110",
        "policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/ec49586f-4939-402d-a29e-6ff502b20592"
      },
      {
        "policyDefinitionReferenceId": "Deploy_PasswordPolicy_msid121",
        "policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/f19aa1c1-6b91-4c27-ae6a-970279f03db9"
      },
      {
        "policyDefinitionReferenceId": "Deploy_PasswordPolicy_msid232",
        "policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/3470477a-b35a-49db-aca5-1073d04524fe"
      },
      {
        "policyDefinitionReferenceId": "Audit_MaximumPasswordAge",
        "policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/24dde96d-f0b1-425e-884f-4a1421e2dcdc"
      },
      {
        "policyDefinitionReferenceId": "Audit_MinimumPasswordAge",
        "policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/5aa11bbc-5c76-4302-80e5-aba46a4282e7"
      },
      {
        "policyDefinitionReferenceId": "Audit_PasswordMustMeetComplexityRequirements",
        "policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/f48b2913-1dc5-4834-8c72-ccc1dfd819bb"
      },
      {
        "policyDefinitionReferenceId": "Audit_StorePasswordsUsingReversibleEncryption",
        "policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/2d60d3b7-aa10-454c-88a8-de39d99d17c6"
      },
      {
        "policyDefinitionReferenceId": "Audit_EnforcePasswordHistory",
        "policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/cdbf72d9-ac9c-4026-8a3a-491a5ac59293"
      },
      {
        "policyDefinitionReferenceId": "Audit_MinimumPasswordLength",
        "policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/5aebc8d1-020d-4037-89a0-02043a7524ec"
      },
      {
        "policyDefinitionReferenceId": "Audit_PasswordPolicy_msid110",
        "policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/2d67222d-05fd-4526-a171-2ee132ad9e83"
      },
      {
        "policyDefinitionReferenceId": "Audit_PasswordPolicy_msid121",
        "policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/b18175dd-c599-4c64-83ba-bb018a06d35b"
      },
      {
        "policyDefinitionReferenceId": "Audit_PasswordPolicy_msid232",
        "policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/c40c9087-1981-4e73-9f53-39743eda9d05"
      }
    ]
  },
  "id": "/providers/Microsoft.Authorization/policySetDefinitions/3fa7cbf5-c0a4-4a59-85a5-cca4d996d5a6",
  "type": "Microsoft.Authorization/policySetDefinitions",
  "name": "3fa7cbf5-c0a4-4a59-85a5-cca4d996d5a6"
}

Azure Policy Initiative

Audit VMs with insecure password security settings

Popular