Control: Azure > CIS v4.0 > 06 - Identity Services > 06.06 - Ensure that account 'Lockout threshold' is less than or equal to '10'
Configures auditing against a CIS Benchmark item.
Level: 1
The account lockout threshold determines how many failed login attempts are permitted prior to placing the account in a locked-out state and initiating a variable lockout duration.
Account lockout is a method of protecting against brute-force and password spray attacks. Once the lockout threshold has been exceeded, the account enters a lockedout state which prevents all login attempts for a variable duration. The lockout in combination with a reasonable duration reduces the total number of failed login attempts that a malicious actor can execute in a given period of time.
Resource Types
This control targets the following resource types:
Policies
This control type relies on these other policies when running actions:
- Azure > CIS v4.0 > 06 - Identity Services > 06.06 - Ensure account 'Lockout threshold' is less than or equal to '10'
- Azure > CIS v4.0 > 06 - Identity Services > 06.06 - Ensure account 'Lockout threshold' is less than or equal to '10' > Attestation
- Azure > CIS v4.0 > Maximum Attestation Duration
- Azure > CIS v4.0
- Azure > CIS v4.0 > 06 - Identity Services
- Azure > CIS v4.0 > 06 - Identity Services > Maximum Attestation Duration
Category
In Your Workspace
Developers
- tmod:@turbot/azure-cisv4-0#/control/types/r0606
- tmod:@turbot/cis#/control/categories/v071603
- turbot graphql controls --filter "controlTypeId:tmod:@turbot/azure-cisv4-0#/control/types/r0606"
Get Controls