Control: Audit Windows machines that do not restrict the minimum password length to 14 characters

Description

Requires that prerequisites are deployed to the policy assignment scope. Machines are non-compliant if Windows machines that do not restrict the minimum password length to 14 characters.

Usage

Run the control in your terminal:

powerpipe control run azure_compliance.control.compute_vm_min_password_length_14_windows

Snapshot and share results via Turbot Pipes:

powerpipe login
powerpipe control run azure_compliance.control.compute_vm_min_password_length_14_windows --share

SQL

This control uses a named query:

with vm_min_password_age as (
  select
    distinct a.vm_id
  from
    azure_compute_virtual_machine as a,
    jsonb_array_elements(guest_configuration_assignments) as b
  where
    b -> 'guestConfiguration' ->> 'name'= 'MinimumPasswordLength'
    and b ->> 'complianceStatus' = 'Compliant'
)
select
  a.vm_id as resource,
  case
    when a.os_type <> 'Windows' then 'skip'
    when b.vm_id is not null then 'ok'
    else 'alarm'
  end as status,
  case
    when a.os_type <> 'Windows' then a.title || ' is of ' || a.os_type || ' operating system.'
    when b.vm_id is not null then a.title || ' minimum password length is 14 characters.'
    else a.title || ' minimum password length is not 14 characters.'
  end as reason
  
  , a.resource_group as resource_group
  , sub.display_name as subscription
from
  azure_compute_virtual_machine as a
  left join vm_min_password_age as b on a.vm_id = b.vm_id,
  azure_subscription as sub
where
  sub.subscription_id = a.subscription_id;

Control: Audit Windows machines that do not restrict the minimum password length to 14 characters

Description

Usage

SQL

Tags