π Microsoft Entra ID Account Lockout Threshold is not set to 10 or less π’
- Contextual name: π Account Lockout Threshold is not set to 10 or less π’
- ID:
/ce/ca/azure/microsoft-entra-id/account-lockout-threshold - Located in: π Microsoft Entra ID
Flagsβ
- π’ Impossible policy
- π’ Policy with categories
- π’ Policy with type
Our Metadataβ
- Policy Type:
COMPLIANCE_POLICY - Policy Category:
SECURITY
Descriptionβ
Descriptionβ
The account lockout threshold determines how many failed login attempts are permitted prior to placing the account in a locked-out state and initiating a variable lockout duration.
Rationaleβ
Account lockout is a method of protecting against brute-force and password spray attacks. Once the lockout threshold has been exceeded, the account enters a locked-out state which prevents all login attempts for a variable duration. The lockout in combination with a reasonable duration reduces the total number of failed login attempts that a malicious actor can execute in a given period of time.
Impactβ
If account lockout threshold is set too low (less than 3), users may experience frequent lockout events and the resulting security alerts may contribute to alert fatigue.
If account lockout threshold is set too high (more than 10), malicious actors can programmatically execute more password attempts in a given period of time.
Auditβ
From Azure Portalβ
- From Azure Home select the Portal Menu.
- Select
Microsoft Entra ID.... see more
Remediationβ
Remediationβ
From Azure Portalβ
- From Azure Home select the Portal Menu.
- Select
Microsoft Entra ID.- Under
Manage, selectSecurity.- Under
Manage, selectAuthentication methods.- Under
Manage, selectPassword protection.- Set the
Lockout thresholdto10or fewer.- Click
Save.
policy.yamlβ
Linked Framework Sectionsβ
| Section | Sub Sections | Internal Rules | Policies | Flags |
|---|---|---|---|---|
| πΌ CIS Azure v3.0.0 β πΌ 2.6 Ensure that account 'Lockout Threshold' is less than or equal to '10' (Manual) | 1 | |||
| πΌ Cloudaware Framework β πΌ Credential Lifecycle Management | 17 |