{ "FeatureName": "User", "Reference": "", "IsMaintenanceMode": false, "Controls": [ { "ControlID": "AAD_User_Do_Not_Disable_Password_Expiration", "Description": "Do not disable password expiration policy for users", "Id": "User110", "ControlSeverity": "High", "Automated": "Yes", "MethodName": "CheckPasswordExpiration", "Rationale": "Users with password expiration disabled represent a long term risk to the tenant in the event of password compromise. Ensuring that password expiration is enabled for everyone ensures that the window of attack is limited.", "Recommendation": "Refer: TODO", "Tags": [ "SDL", "TCP", "Automated", "AuthN" ], "Enabled": true }, { "ControlID": "AAD_User_Do_Not_Disable_Strong_Password", "Description": "Do not disable strong password policy for users", "Id": "User120", "ControlSeverity": "High", "Automated": "Yes", "MethodName": "CheckStrongPassword", "Rationale": "Strong passwords are harder to compromise. When strong passwords are disabled for a user, their account becomes vulnerable to various brute-force password guessing/cracking attacks.", "Recommendation": "Refer: TODO", "Tags": [ "SDL", "TCP", "Automated", "AuthN" ], "Enabled": true } ] } |