v1.0 for Steampipe, Powerpipe, Flowpipe, 116 plugins, and 44 mods →
Powerpipe Hub 
Hub
Mods
turbot/azure_compliance
Overview
13Dashboards
1311Controls
430Queries
2Variables
GitHub

Control: 1.6 Ensure that 'Number of days before users are asked to re-confirm their authentication information' is not set to "0"

Description

Ensure that the number of days before users are asked to re-confirm their authentication information is not set to 0.

If authentication re-confirmation is disabled, registered users will never be prompted to reconfirm their existing authentication information. If the authentication information for a user, such as a phone number or email changes, then the password reset information for that user reverts to the previously registered authentication information.

Remediation

From Console

  1. Log in to Azure Active Directory
  2. Go to Users
  3. Go to Password reset in side bar
  4. Go to Registration
  5. Set the Number of days before users are asked to re-confirm their authentication information to your organization defined frequency

Note: By default, the 'Number of days before users are asked to re-confirm their authentication information' is set to '180 days'.

Usage

Run the control in your terminal:

powerpipe control run azure_compliance.control.cis_v130_1_6

Snapshot and share results via Turbot Pipes:

powerpipe login
powerpipe control run azure_compliance.control.cis_v130_1_6 --share

SQL

This control uses a named query:

ad_manual_control

Tags

category = Compliance
cis = true
cis_item_id = 1.6
cis_level = 1
cis_section_id = 1
cis_type = manual
cis_version = v1.3.0
plugin = azure
service = Azure/ActiveDirectory