Risk Level: Low
Cloud Entity: Azure Active Directory
CloudGuard Rule ID: D9.AZU.IAM.45
Covered by Spectral: No
Category: Security, Identity, & Compliance

GSL LOGIC

User should have userCredentialRegistrationDetails.selfServicePasswordResetAuthMethods.length() >1

REMEDIATION

From Portal:

Go to Azure Active Directory.
Go to Users.
Select Password reset.
Then Authentication methods.
Set the Number of methods required to reset to '2'.

Note: By default, the Number of methods required to reset is set to 2. Please note that at this point of time, there is no Azure CLI or other API commands available to programmatically conduct security configuration for this recommendation.

References:

Azure Active Directory

Azure Active Directory (Azure AD) is Microsoft’s cloud-based identity and access management service, which helps your employees sign in and access resources in external resources and internal res

Compliance Frameworks

AZU PCI-DSS 4.0
Azure CIS Foundations v. 1.2.0
Azure CIS Foundations v. 1.3.0
Azure CIS Foundations v. 1.3.1
Azure CIS Foundations v. 1.4.0
Azure CIS Foundations v. 1.5.0
Azure CIS Foundations v.2.0
Azure CSA CCM v.4.0.1
Azure CloudGuard Best Practices
Azure NIST 800-53 Rev 5
CloudGuard Azure All Rules Ruleset