Ensure that the number of days before Microsoft Azure Active Directory (AD) users are asked to re-confirm their authentication information is not set to 0 (zero), so that users are required to reconfirm their authentication details regularly.
This rule resolution is part of the Cloud Conformity Security & Compliance tool for Azure.
The "Number of days before users are asked to re-confirm their authentication information" setting represents the period of time, up to a maximum of 730 days, before AD registered users are prompted to reconfirm their existing authentication details to make sure that these are still valid. If authentication reconfirmation is disabled, i.e. set to zero days, Active Directory users will never be prompted to reconfirm their existing authentication information. If one or more authentication details set for an AD user change, the password reset information for that user reverts to the previously registered authentication information.
Audit
To determine the number of days before users are asked to reconfirm their authentication details, perform the following actions:
Note: Verifying user authentication information reconfirmation configuration using Microsoft Graph API or Azure CLI is not currently supported.
Remediation / Resolution
To enforce authentication information reconfirmation for Microsoft Azure Active Directory users, perform the following actions:
Note: Enabling AD user authentication information reconfirmation using Microsoft Graph API or Azure CLI is not currently supported.
You are auditing:
Enable Authentication Reconfirmation
Risk level: Medium