Skip to content

Commit

Permalink
Built-in Policy Release d07929ed (Azure#1133)
Browse files Browse the repository at this point in the history 
Co-authored-by: Azure Policy Bot <[email protected]>
  • Loading branch information
@pilor
pilor and Azure Policy Bot authored May 1, 2023
1 parent 396522c commit edc1712
Show file tree
Hide file tree
Showing 13 changed files with 1,625 additions and 75 deletions.
39 changes: 30 additions & 9 deletions .../Azure Government/Guest Configuration/GuestConfiguration_WindowsMaximumPassword_AINE.json
View file
Original file line number Diff line number Diff line change
@@ -1,34 +1,47 @@
{
"properties": {
"displayName": "Audit Windows machines that do not have a maximum password age of 70 days",
"displayName": "Audit Windows machines that do not have the maximum password age set to specified number of days",
"policyType": "BuiltIn",
"mode": "Indexed",
"description": "Requires that prerequisites are deployed to the policy assignment scope. For details, visit https://aka.ms/gcpol. Machines are non-compliant if Windows machines that do not have a maximum password age of 70 days",
"description": "Requires that prerequisites are deployed to the policy assignment scope. For details, visit https://aka.ms/gcpol. Machines are non-compliant if Windows machines that do not have the maximum password age set to specified number of days. Default value for maximum password age is 70 days",
"metadata": {
"category": "Guest Configuration",
"version": "1.0.0",
"version": "1.1.0",
"requiredProviders": [
"Microsoft.GuestConfiguration"
],
"guestConfiguration": {
"name": "MaximumPasswordAge",
"version": "1.*"
"version": "1.*",
"configurationParameter": {
"MaximumPasswordAge": "[AccountPolicy]MaximumPasswordAge;Maximum_Password_Age"
}
}
},
"version": "1.0.0",
"version": "1.1.0",
"parameters": {
"IncludeArcMachines": {
"type": "string",
"metadata": {
"displayName": "Include Arc connected servers",
"description": "By selecting this option, you agree to be charged monthly per Arc connected machine."
"description": "By selecting this option, you agree to be charged monthly per Arc connected machine.",
"portalReview": "true"
},
"allowedValues": [
"true",
"false"
],
"defaultValue": "false"
},
"MaximumPasswordAge": {
"type": "string",
"metadata": {
"displayName": "Maximum password age",
"description": "The Maximum password age setting determines the period of time (in days) that a password can be used before the system requires the user to change it.",
"portalReview": "true"
},
"defaultValue": "70"
},
"effect": {
"type": "string",
"metadata": {
Expand Down Expand Up @@ -226,10 +239,18 @@
"effect": "[parameters('effect')]",
"details": {
"type": "Microsoft.GuestConfiguration/guestConfigurationAssignments",
"name": "MaximumPasswordAge",
"name": "[concat('MaximumPasswordAge$pid', uniqueString(policy().assignmentId, policy().definitionReferenceId))]",
"existenceCondition": {
"field": "Microsoft.GuestConfiguration/guestConfigurationAssignments/complianceStatus",
"equals": "Compliant"
"allOf": [
{
"field": "Microsoft.GuestConfiguration/guestConfigurationAssignments/complianceStatus",
"equals": "Compliant"
},
{
"field": "Microsoft.GuestConfiguration/guestConfigurationAssignments/parameterHash",
"equals": "[base64(concat('[AccountPolicy]MaximumPasswordAge;Maximum_Password_Age', '=', parameters('MaximumPasswordAge')))]"
}
]
}
}
}
Expand Down
39 changes: 30 additions & 9 deletions .../Azure Government/Guest Configuration/GuestConfiguration_WindowsMinimumPassword_AINE.json
View file
Original file line number Diff line number Diff line change
@@ -1,34 +1,47 @@
{
"properties": {
"displayName": "Audit Windows machines that do not have a minimum password age of 1 day",
"displayName": "Audit Windows machines that do not have the minimum password age set to specified number of days",
"policyType": "BuiltIn",
"mode": "Indexed",
"description": "Requires that prerequisites are deployed to the policy assignment scope. For details, visit https://aka.ms/gcpol. Machines are non-compliant if Windows machines that do not have a minimum password age of 1 day",
"description": "Requires that prerequisites are deployed to the policy assignment scope. For details, visit https://aka.ms/gcpol. Machines are non-compliant if Windows machines that do not have the minimum password age set to specified number of days. Default value for minimum password age is 1 day",
"metadata": {
"category": "Guest Configuration",
"version": "1.0.0",
"version": "1.1.0",
"requiredProviders": [
"Microsoft.GuestConfiguration"
],
"guestConfiguration": {
"name": "MinimumPasswordAge",
"version": "1.*"
"version": "1.*",
"configurationParameter": {
"MinimumPasswordAge": "[AccountPolicy]MinimumPasswordAge;Minimum_Password_Age"
}
}
},
"version": "1.0.0",
"version": "1.1.0",
"parameters": {
"IncludeArcMachines": {
"type": "string",
"metadata": {
"displayName": "Include Arc connected servers",
"description": "By selecting this option, you agree to be charged monthly per Arc connected machine."
"description": "By selecting this option, you agree to be charged monthly per Arc connected machine.",
"portalReview": "true"
},
"allowedValues": [
"true",
"false"
],
"defaultValue": "false"
},
"MinimumPasswordAge": {
"type": "string",
"metadata": {
"displayName": "Minimum password age",
"description": "The Minimum password age setting determines the period of time (in days) that a password must be used before the user can change it.",
"portalReview": "true"
},
"defaultValue": "1"
},
"effect": {
"type": "string",
"metadata": {
Expand Down Expand Up @@ -226,10 +239,18 @@
"effect": "[parameters('effect')]",
"details": {
"type": "Microsoft.GuestConfiguration/guestConfigurationAssignments",
"name": "MinimumPasswordAge",
"name": "[concat('MinimumPasswordAge$pid', uniqueString(policy().assignmentId, policy().definitionReferenceId))]",
"existenceCondition": {
"field": "Microsoft.GuestConfiguration/guestConfigurationAssignments/complianceStatus",
"equals": "Compliant"
"allOf": [
{
"field": "Microsoft.GuestConfiguration/guestConfigurationAssignments/complianceStatus",
"equals": "Compliant"
},
{
"field": "Microsoft.GuestConfiguration/guestConfigurationAssignments/parameterHash",
"equals": "[base64(concat('[AccountPolicy]MinimumPasswordAge;Minimum_Password_Age', '=', parameters('MinimumPasswordAge')))]"
}
]
}
}
}
Expand Down
39 changes: 30 additions & 9 deletions .../Azure Government/Guest Configuration/GuestConfiguration_WindowsPasswordEnforce_AINE.json
View file
Original file line number Diff line number Diff line change
@@ -1,34 +1,47 @@
{
"properties": {
"displayName": "Audit Windows machines that allow re-use of the previous 24 passwords",
"displayName": "Audit Windows machines that allow re-use of the passwords after the specified number of unique passwords",
"policyType": "BuiltIn",
"mode": "Indexed",
"description": "Requires that prerequisites are deployed to the policy assignment scope. For details, visit https://aka.ms/gcpol. Machines are non-compliant if Windows machines that allow re-use of the previous 24 passwords",
"description": "Requires that prerequisites are deployed to the policy assignment scope. For details, visit https://aka.ms/gcpol. Machines are non-compliant if Windows machines that allow re-use of the passwords after the specified number of unique passwords. Default value for unique passwords is 24",
"metadata": {
"category": "Guest Configuration",
"version": "1.0.0",
"version": "1.1.0",
"requiredProviders": [
"Microsoft.GuestConfiguration"
],
"guestConfiguration": {
"name": "EnforcePasswordHistory",
"version": "1.*"
"version": "1.*",
"configurationParameter": {
"EnforcePasswordHistory": "[AccountPolicy]EnforcePasswordHistory;Enforce_password_history"
}
}
},
"version": "1.0.0",
"version": "1.1.0",
"parameters": {
"IncludeArcMachines": {
"type": "string",
"metadata": {
"displayName": "Include Arc connected servers",
"description": "By selecting this option, you agree to be charged monthly per Arc connected machine."
"description": "By selecting this option, you agree to be charged monthly per Arc connected machine.",
"portalReview": "true"
},
"allowedValues": [
"true",
"false"
],
"defaultValue": "false"
},
"EnforcePasswordHistory": {
"type": "string",
"metadata": {
"displayName": "Enforce password history",
"description": "The Enforce password history setting determines the number of unique new passwords that must be associated with a user account before an old password can be reused.",
"portalReview": "true"
},
"defaultValue": "24"
},
"effect": {
"type": "string",
"metadata": {
Expand Down Expand Up @@ -226,10 +239,18 @@
"effect": "[parameters('effect')]",
"details": {
"type": "Microsoft.GuestConfiguration/guestConfigurationAssignments",
"name": "EnforcePasswordHistory",
"name": "[concat('EnforcePasswordHistory$pid', uniqueString(policy().assignmentId, policy().definitionReferenceId))]",
"existenceCondition": {
"field": "Microsoft.GuestConfiguration/guestConfigurationAssignments/complianceStatus",
"equals": "Compliant"
"allOf": [
{
"field": "Microsoft.GuestConfiguration/guestConfigurationAssignments/complianceStatus",
"equals": "Compliant"
},
{
"field": "Microsoft.GuestConfiguration/guestConfigurationAssignments/parameterHash",
"equals": "[base64(concat('[AccountPolicy]EnforcePasswordHistory;Enforce_password_history', '=', parameters('EnforcePasswordHistory')))]"
}
]
}
}
}
Expand Down
39 changes: 30 additions & 9 deletions ...s/Azure Government/Guest Configuration/GuestConfiguration_WindowsPasswordLength_AINE.json
View file
Original file line number Diff line number Diff line change
@@ -1,34 +1,47 @@
{
"properties": {
"displayName": "Audit Windows machines that do not restrict the minimum password length to 14 characters",
"displayName": "Audit Windows machines that do not restrict the minimum password length to specified number of characters",
"policyType": "BuiltIn",
"mode": "Indexed",
"description": "Requires that prerequisites are deployed to the policy assignment scope. For details, visit https://aka.ms/gcpol. Machines are non-compliant if Windows machines that do not restrict the minimum password length to 14 characters",
"description": "Requires that prerequisites are deployed to the policy assignment scope. For details, visit https://aka.ms/gcpol. Machines are non-compliant if Windows machines that do not restrict the minimum password length to specified number of characters. Default value for minimum password length is 14 characters",
"metadata": {
"category": "Guest Configuration",
"version": "1.0.0",
"version": "1.1.0",
"requiredProviders": [
"Microsoft.GuestConfiguration"
],
"guestConfiguration": {
"name": "MinimumPasswordLength",
"version": "1.*"
"version": "1.*",
"configurationParameter": {
"MinimumPasswordLength": "[AccountPolicy]MinimumPasswordLength;Minimum_Password_Length"
}
}
},
"version": "1.0.0",
"version": "1.1.0",
"parameters": {
"IncludeArcMachines": {
"type": "string",
"metadata": {
"displayName": "Include Arc connected servers",
"description": "By selecting this option, you agree to be charged monthly per Arc connected machine."
"description": "By selecting this option, you agree to be charged monthly per Arc connected machine.",
"portalReview": "true"
},
"allowedValues": [
"true",
"false"
],
"defaultValue": "false"
},
"MinimumPasswordLength": {
"type": "string",
"metadata": {
"displayName": "Minimum password length",
"description": "The Minimum password length setting determines the least number of characters that can make up a password for a user account.",
"portalReview": "true"
},
"defaultValue": "14"
},
"effect": {
"type": "string",
"metadata": {
Expand Down Expand Up @@ -226,10 +239,18 @@
"effect": "[parameters('effect')]",
"details": {
"type": "Microsoft.GuestConfiguration/guestConfigurationAssignments",
"name": "MinimumPasswordLength",
"name": "[concat('MinimumPasswordLength$pid', uniqueString(policy().assignmentId, policy().definitionReferenceId))]",
"existenceCondition": {
"field": "Microsoft.GuestConfiguration/guestConfigurationAssignments/complianceStatus",
"equals": "Compliant"
"allOf": [
{
"field": "Microsoft.GuestConfiguration/guestConfigurationAssignments/complianceStatus",
"equals": "Compliant"
},
{
"field": "Microsoft.GuestConfiguration/guestConfigurationAssignments/parameterHash",
"equals": "[base64(concat('[AccountPolicy]MinimumPasswordLength;Minimum_Password_Length', '=', parameters('MinimumPasswordLength')))]"
}
]
}
}
}
Expand Down
Loading

0 comments on commit edc1712

Please sign in to comment.