| Source | Azure Portal | ||
| Display name | Microsoft Managed Control 1328 - Authenticator Management | Password-Based Authentication | ||
| Id | f5c66fdc-3d02-4034-9db5-ba57802609de | ||
| Version | 1.0.0 Details on versioning |
||
| Versioning |
Versions supported for Versioning: 0 Built-in Versioning [Preview] |
||
| Category | Regulatory Compliance Microsoft Learn |
||
| Description | Microsoft implements this Identification and Authentication control | ||
| Additional metadata |
Name/Id: ACF1328 / Microsoft Managed Control 1328 Category: Identification and Authentication Title: Authenticator Management | Password-Based Authentication - Changed Character Count Ownership: Customer, Microsoft Description: The information system, for password-based authentication: Enforces at least the following number of changed characters when new passwords are created: 1 character; Requirements: Where passwords exist, Azure enforces at least a one-character change when new passwords are created. Due to system limitations, Azure does not enforce a fifty percent (50%) change requirement in every new password. Azure implements strong password complexity, password expiration, password history, account lockout, and minimum password length to provide mitigation to the risks of not meeting this requirement. Additionally, the use of multifactor authentication via smart cards required at all authentication points provides strong security controls against credential guessing attacks. Azure considers these mitigating factors sufficient to address the incremental risk between Azure the required values for the number of changed characters. |
||
| Mode | Indexed | ||
| Type | Static | ||
| Preview | False | ||
| Deprecated | False | ||
| Effect | Fixed audit |
||
| RBAC role(s) | none | ||
| Rule aliases | none | ||
| Rule resource types | IF (2) Microsoft.Resources/subscriptions Microsoft.Resources/subscriptions/resourceGroups |
||
| Compliance | Not a Compliance control | ||
| Initiatives usage | none | ||
| History | none | ||
| JSON compare | n/a | ||
| JSON |
|