Ensure That 'Number of methods required to reset' is set to '2'
Ensures that two alternate forms of identification are provided before allowing a password reset.
Risk Level: Low
Cloud Entity: Azure Active Directory
CloudGuard Rule ID: D9.AZU.IAM.45
Covered by Spectral: No
Category: Security, Identity, & Compliance
GSL LOGIC
User should have userCredentialRegistrationDetails.selfServicePasswordResetAuthMethods.length() >1
REMEDIATION
From Portal:
- Go to Azure Active Directory.
- Go to Users.
- Select Password reset.
- Then Authentication methods.
- Set the Number of methods required to reset to '2'.
Note: By default, the Number of methods required to reset is set to 2. Please note that at this point of time, there is no Azure CLI or other API commands available to programmatically conduct security configuration for this recommendation.
References:
- https://learn.microsoft.com/en-us/azure/active-directory/authentication/tutorial-enable-sspr
- https://docs.microsoft.com/en-us/security/benchmark/azure/security-controls-v3-identity-management#im-4-use-strong-authentication-controls-for-all-azure-active-directory-based-access
- https://workbench.cisecurity.org/sections/1460901/recommendations/2349024
Azure Active Directory
Azure Active Directory (Azure AD) is Microsoft���s cloud-based identity and access management service, which helps your employees sign in and access resources in external resources and internal res
Compliance Frameworks
- AZU PCI-DSS 4.0
- Azure CIS Foundations v. 1.2.0
- Azure CIS Foundations v. 1.3.0
- Azure CIS Foundations v. 1.3.1
- Azure CIS Foundations v. 1.4.0
- Azure CIS Foundations v. 1.5.0
- Azure CIS Foundations v.2.0
- Azure CSA CCM v.4.0.1
- Azure CloudGuard Best Practices
- Azure NIST 800-53 Rev 5
- CloudGuard Azure All Rules Ruleset
Updated over 1 year ago