Skip to main content

lacework-global-503

1.8 Ensure that 'Number of days before users are asked to re-confirm their authentication information' is not set to '0' (Manual)

Profile Applicability

• Level 1

Description

Ensure that the number of days before users are asked to re-confirm their authentication information is not set to 0.

Rationale

This setting is necessary if you have setup 'Require users to register when signing in option'. If authentication re-confirmation is disabled, registered users will never be prompted to re-confirm their existing authentication information. If the authentication information for a user changes, such as a phone number or email, then the password reset information for that user reverts to the previously registered authentication information.

Impact

Users will be prompted for their multifactor authentication at the duration set here.

Audit

From Azure Portal

  1. From Azure Home select the Portal Menu
  2. Select Azure Active Directory
  3. Then Users
  4. Select Password reset
  5. Then Registration
  6. Ensure that Number of days before users are asked to re-confirm their authentication information is not set to 0

Please note that at this point of time, there is no API/CLI mechanism available to programmatically conduct security assessment for this recommendation.

Remediation

From Azure Portal

  1. From Azure Home select the Portal Menu
  2. Select Azure Active Directory
  3. Then Users
  4. Select Password reset
  5. Then Registration
  6. Set the Number of days before users are asked to re-confirm their authentication information to your organization-defined frequency.

Please note that at this point of time, there is no Azure CLI or other API commands available to programmatically conduct security configuration for this recommendation.

References

https://docs.microsoft.com/en-us/azure/active-directory/active-directory-passwords-how-it-works#registration
https://docs.microsoft.com/en-us/azure/active-directory/authentication/howto-sspr-deployment
https://docs.microsoft.com/en-us/security/benchmark/azure/security-controls-v3-governance-strategy#gs-6-define-identity-and-privileged-access-strategy
https://docs.microsoft.com/en-us/azure/active-directory/authentication/concept-authentication-methods