Control: Audit Windows machines that allow re-use of the previous 24 passwords

Description

Requires that prerequisites are deployed to the policy assignment scope. Machines are non-compliant if Windows machines that allow re-use of the previous 24 passwords.

Usage

Run the control in your terminal:

powerpipe control run azure_compliance.control.compute_vm_restrict_previous_24_passwords_resuse_windows

Snapshot and share results via Turbot Pipes:

powerpipe login
powerpipe control run azure_compliance.control.compute_vm_restrict_previous_24_passwords_resuse_windows --share

SQL

This control uses a named query:

with vm_enforce_password_history as (
  select
    distinct a.vm_id
  from
    azure_compute_virtual_machine as a,
    jsonb_array_elements(guest_configuration_assignments) as b
  where
    b -> 'guestConfiguration' ->> 'name'= 'EnforcePasswordHistory'
    and b ->> 'complianceStatus' = 'Compliant'
)
select
  a.vm_id as resource,
  case
    when a.os_type <> 'Windows' then 'skip'
    when b.vm_id is not null then 'ok'
    else 'alarm'
  end as status,
  case
    when a.os_type <> 'Windows' then a.title || ' is of ' || a.os_type || ' operating system.'
    when b.vm_id is not null then a.title || ' enforce password history.'
    else a.title || ' doest not enforce password history.'
  end as reason
  
  , a.resource_group as resource_group
  , sub.display_name as subscription
from
  azure_compute_virtual_machine as a
  left join vm_enforce_password_history as b on a.vm_id = b.vm_id,
  azure_subscription as sub
where
  sub.subscription_id = a.subscription_id;

Control: Audit Windows machines that allow re-use of the previous 24 passwords

Description

Usage

SQL

Tags