EIDSCA.PR02 - Default Settings - Password Rule Settings - Password Protection - Enable password protection on Windows Server Active Directory.
Overview
If set to Yes, password protection is turned on for Active Directory domain controllers when the appropriate agent is installed.
Azure identity & access security best practices - Microsoft Learn
Test script
https://graph.microsoft.com/beta/settings
.values -eq 'True'
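The check above, worked through offline as an added example (not Maester's own test code). The helper name `Test-PasswordProtectionOnPrem` is hypothetical and the JSON is constructed sample data. The setting name `EnableBannedPasswordCheckOnPrem` is an assumption here, because the test script line does not show which value it selects.

```powershell
# Constructed sample of a GET /beta/settings response body (not real tenant output).
$sampleJson = @'
{
  "value": [
    {
      "displayName": "Password Rule Settings",
      "values": [
        { "name": "BannedPasswordCheckOnPremisesMode", "value": "Audit" },
        { "name": "EnableBannedPasswordCheckOnPrem", "value": "True" }
      ]
    }
  ]
}
'@

function Test-PasswordProtectionOnPrem {
    # Hypothetical helper: takes the parsed response as a PSObject.
    # A hashtable would not work, because .values would then resolve to
    # the hashtable's own Values collection instead of the Graph property.
    param([Parameter(Mandatory)] $SettingsResponse)

    $setting = $SettingsResponse.value |
        Where-Object displayName -eq 'Password Rule Settings' |
        Select-Object -First 1
    $entry = if ($setting) {
        $setting.values |
            Where-Object name -eq 'EnableBannedPasswordCheckOnPrem' |
            Select-Object -First 1
    }
    if (-not $entry) {
        # No settings object or no such value: report it as its own outcome
        # so it is not mistaken for an explicit 'False'.
        return [pscustomobject]@{ Result = 'NotConfigured'; Value = $null }
    }
    # directorySetting values are strings, so compare with 'True'.
    $result = if ($entry.value -eq 'True') { 'Pass' } else { 'Fail' }
    [pscustomobject]@{ Result = $result; Value = $entry.value }
}

Test-PasswordProtectionOnPrem -SettingsResponse ($sampleJson | ConvertFrom-Json)

# Against a tenant, after Connect-MgGraph (Microsoft.Graph.Authentication):
# Test-PasswordProtectionOnPrem -SettingsResponse (Invoke-MgGraphRequest `
#     -Uri 'https://graph.microsoft.com/beta/settings' -OutputType PSObject)
```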
Related links
- Open in Graph Explorer
- directorySetting resource type - Microsoft Graph beta | Microsoft Learn
- View in Microsoft Entra admin center
MITRE ATT&CK
| Tactic | Technique | Mitigation |
|---|---|---|
| TA0006 - Credential Access | T1110 - Brute Force | M1018 - User Account Management, M1027 - Password Policies |
Test Metadata
| Field | Value |
|---|---|
| Test ID | EIDSCA.PR02 |
| Severity | High |
| Suite | Entra ID SCA |
| Category | General |
| PowerShell test | Test-MtEidscaPR02 |
| Tags | EIDSCA, EIDSCA.PR02 |
Source
- Pester test: tests/EIDSCA/Test-EIDSCA.Generated.Tests.ps1
- PowerShell source: powershell/internal/eidsca/Test-MtEidscaPR02.ps1