
Enable Authentication Reconfirmation

Risk level: Medium (should be achieved)
Rule ID: ActiveDirectory-006

Ensure that the number of days before Microsoft Azure Active Directory (AD) users are asked to re-confirm their authentication information is not set to 0 (zero), so that users are required to reconfirm their authentication details regularly.

This rule resolution is part of the Cloud Conformity Security & Compliance tool for Azure

Security

The "Number of days before users are asked to re-confirm their authentication information" setting represents the period of time, up to a maximum of 730 days, before AD registered users are prompted to reconfirm their existing authentication details to make sure that these are still valid. If authentication reconfirmation is disabled, i.e. set to zero days, Active Directory users will never be prompted to reconfirm their existing authentication information. If one or more authentication details set for an AD user change, the password reset information for that user reverts to the previously registered authentication information.

Audit

To determine the number of days before users are asked to reconfirm their authentication details, perform the following actions:

Note: Verifying user authentication information reconfirmation configuration using Microsoft Graph API or Azure CLI is not currently supported.

Using Azure Console

01 Sign in to the Azure Management Console.

02 Navigate to the Azure Active Directory (AD) blade at https://portal.azure.com/#blade/Microsoft_AAD_IAM/ActiveDirectoryMenuBlade/Overview.

03 In the navigation panel, select Users.

04 Under All users, select Password reset to access the password reset configuration settings available for Active Directory users.

05 In the blade navigation panel, select Registration.

06 On the Registration configuration page, check the value (integer) set for the Number of days before users are asked to re-confirm their authentication information setting. If the verified configuration value is 0, the authentication information reconfirmation for Active Directory users is not enabled within the AD password reset policy.

07 Repeat steps no. 3 – 6 for each Azure Active Directory that you want to examine.

Remediation / Resolution

To enforce authentication information reconfirmation for Microsoft Azure Active Directory users, perform the following actions:

Note: Enabling AD user authentication information reconfirmation using Microsoft Graph API or Azure CLI is not currently supported.

Using Azure Console

01 Sign in to the Azure Management Console.

02 Navigate to the Azure Active Directory (AD) blade at https://portal.azure.com/#blade/Microsoft_AAD_IAM/ActiveDirectoryMenuBlade/Overview.

03 In the navigation panel, select Users to access the panel with the AD users.

04 Under All users, select Password reset to access the password reset configuration settings available for Active Directory users.

05 In the blade navigation panel, select Registration.

06 On the Registration settings page, in the Number of days before users are asked to re-confirm their authentication information box, enter the period of time (up to 730 days) before your AD registered users are prompted to reconfirm their existing authentication information.

07 Click Save to apply the configuration changes. Once the changes are saved, the following message should be displayed: "Password reset policy saved. Changes to password reset policy were saved successfully".

08 Repeat steps no. 3 – 7 for each Microsoft Azure Active Directory that you want to reconfigure in order to enable user authentication information reconfirmation.

References

Publication date Aug 30, 2019
