Policy: Azure > CIS v5.0 > 5 - Identity Services > 5.08 - Ensure that a 'Custom banned password list' is set to 'Enforce'
Configures auditing against a CIS Benchmark item.
Level: 1
Microsoft Azure provides a Global Banned Password policy that applies to Azure administrative and normal user accounts. This is not applied to user accounts that are synced from an on-premise Active Directory unless Microsoft Entra ID Connect is used and you enable EnforceCloudPasswordPolicyForPasswordSyncedUsers. Please see the list in default values on the specifics of this policy. To further password security, it is recommended to further define a custom banned password policy.
Enabling this gives your organization further customization on what secure passwords are allowed. Setting a bad password list enables your organization to fine-tune its password policy further, depending on your needs. Removing easy-to-guess passwords increases the security of access to your Azure resources.
Targets
This policy targets the following resource types:
Primary Policy
This policy is used with the following primary policy:
Related Policies
Controls
Setting this policy configures this control:
Policy Specification
Schema Type | |
|---|---|
Default | |
Valid Values [YAML] |
|
Category
In Your Workspace
Developers
- tmod:@turbot/cis#/control/categories/v070404
- tmod:@turbot/azure-cisv5-0#/policy/types/r0508
- turbot graphql policy-type --id "tmod:@turbot/azure-cisv5-0#/policy/types/r0508"
- turbot graphql policy-settings --filter "policyTypeId:tmod:@turbot/azure-cisv5-0#/policy/types/r0508"
Get Policy TypeGet Policy Settings