Azure and GCP Perimeter Security, CIS Updates, and Enhanced Plugins →
Powerpipe Hub 
Hub
Mods
turbot/steampipe-mod-azure-compliance
Overview
16Dashboards
1651Benchmarks
486Queries
8Variables
GitHub

Control: 2.9 Ensure that 'Number of days before users are asked to re-confirm their authentication information' is not set to '0'

Description

Ensure that the number of days before users are asked to re-confirm their authentication information is not set to 0.

This setting is necessary if you have setup 'Require users to register when signing in option'. If authentication re-confirmation is disabled, registered users will never be prompted to re-confirm their existing authentication information. If the authentication information for a user changes, such as a phone number or email, then the password reset information for that user reverts to the previously registered authentication information.

Remediation

From Azure Portal

  1. From Azure Home select the Portal Menu.
  2. Select Microsoft Entra ID.
  3. Under Manage, select Users.
  4. Under Manage, select Password reset.
  5. Under Manage, select Registration.
  6. Set the Number of days before users are asked to re-confirm their authentication information to your organization-defined frequency.
  7. Click Save.

Default Value

By default, the Number of days before users are asked to re-confirm their authentication information is set to "180 days".

Usage

Run the control in your terminal:

powerpipe control run azure_compliance.control.cis_v300_2_9

Snapshot and share results via Turbot Pipes:

powerpipe login
powerpipe control run azure_compliance.control.cis_v300_2_9 --share

SQL

This control uses a named query:

select
  'active_directory' as resource,
  'info' as status,
  'Manual verification required.' as reason;

Tags

category = Compliance
cis = true
cis_item_id = 2.9
cis_level = 1
cis_section_id = 2
cis_type = manual
cis_version = v3.0.0
plugin = azure
service = Azure/ActiveDirectory