Use the Conformity Knowledge Base AI to help improve your Cloud Posture

Number Of Days Before Authentication Information Re-confirmation

Trend Micro Cloud One™ – Conformity is a continuous assurance tool that provides peace of mind for your cloud infrastructure, delivering over 750 automated best practice checks.

Risk Level: Medium (should be achieved)
Rule ID: ActiveDirectory-006

Ensure that the number of days before Microsoft Entra ID users are asked to re-confirm their authentication information is not set to 0 (zero) in order to enforce them to reconfirm their authentication details regularly.

This rule resolution is part of the Conformity Security & Compliance tool for Azure.

Security

The "Number of days before users are asked to re-confirm their authentication information" represents the period of time, up to a maximum of 730 days, before Microsoft Entra ID registered users are prompted to reconfirm their existing authentication details to make sure that these are still valid. If authentication reconfirmation is disabled, i.e. set to zero days, the Microsoft Entra ID users will never be prompted to reconfirm their existing authentication information. If one or more authentication details set for an Microsoft Entra ID user changes, the password reset information for that user reverts to the previously registered authentication information.


Audit

To determine the number of days before users are asked to reconfirm their authentication details, perform the following actions:

Note: Verifying user authentication information reconfirmation configuration using Microsoft Graph API or Azure CLI is not currently supported.

Using Azure Console

01 Sign in to Azure Management Console.

02 Navigate to Microsoft Entra ID blade at https://portal.azure.com/#blade/Microsoft_AAD_IAM/ActiveDirectoryMenuBlade/Overview.

03 In the navigation panel, select Users.

04 Under All users, select Password reset to access the password reset configuration settings available for Microsoft Entra ID users.

05 In the blade navigation panel, select Registration.

06 On the Registration configuration page, check the value (integer) set for the Number of days before users are asked to re-confirm their authentication information setting. If the verified configuration value is 0, the authentication information reconfirmation for Microsoft Entra ID users is not enabled within the Microsoft Entra ID password reset policy.

07 Repeat steps no. 3 – 6 for each Microsoft Entra ID that you want to examine.

Remediation / Resolution

To enforce authentication information reconfirmation for Microsoft Microsoft Entra ID users, perform the following actions:

Note: Enabling Microsoft Entra ID user authentication information reconfirmation using Microsoft Graph API or Azure CLI is not currently supported.

Using Azure Console

01 Sign in to Azure Management Console.

02 Navigate to Microsoft Entra ID blade at https://portal.azure.com/#blade/Microsoft_AAD_IAM/ActiveDirectoryMenuBlade/Overview.

03 In the navigation panel, select Users to access the panel with the Microsoft Entra ID users.

04 Under All users, select Password reset to access the password reset configuration settings available for Microsoft Entra ID users.

05 In the blade navigation panel, select Registration.

06 On the Registration settings page, enter the period of time (up to 730 days) before your Microsoft Entra ID registered users are prompted to reconfirm their existing authentication in the Number of days before users are asked to re-confirm their authentication information box.

07 Click Save to apply the configuration changes. Once the changes are saved, the following message should be displayed: "Password reset policy saved. Changes to password reset policy were saved successfully".

08 Repeat steps no. 3 – 7 for each Microsoft Microsoft Entra ID that you want to reconfigure in order to enable user authentication information reconfirmation.

References

Publication date Aug 30, 2019

Unlock the Remediation Steps


Free 30-day Trial

Automatically audit your configurations with Conformity
and gain access to our cloud security platform.

Confirmity Cloud Platform

No thanks, back to article

You are auditing:

Number Of Days Before Authentication Information Re-confirmation

Risk Level: Medium