Control: Audit Windows machines that do not have a minimum password age of 1 day
Description
Requires that prerequisites are deployed to the policy assignment scope. Machines are non-compliant if Windows machines that do not have a minimum password age of 1 day.
Usage
Run the control in your terminal:
powerpipe control run azure_compliance.control.compute_vm_min_password_age_1_day_windowsSnapshot and share results via Turbot Pipes:
powerpipe loginpowerpipe control run azure_compliance.control.compute_vm_min_password_age_1_day_windows --shareSQL
This control uses a named query:
with vm_min_password_age as ( select distinct a.vm_id from azure_compute_virtual_machine as a, jsonb_array_elements(guest_configuration_assignments) as b where b -> 'guestConfiguration' ->> 'name'= 'MinimumPasswordAge' and b ->> 'complianceStatus' = 'Compliant')select a.vm_id as resource, case when a.os_type <> 'Windows' then 'skip' when b.vm_id is not null then 'ok' else 'alarm' end as status, case when a.os_type <> 'Windows' then a.title || ' is of ' || a.os_type || ' operating system.' when b.vm_id is not null then a.title || ' minimum password age is 1 day.' else a.title || ' minimum password age is not 1 day.' end as reason , a.resource_group as resource_group , sub.display_name as subscriptionfrom azure_compute_virtual_machine as a left join vm_min_password_age as b on a.vm_id = b.vm_id, azure_subscription as subwhere sub.subscription_id = a.subscription_id;