EIDSCA.PR02 - Default Settings - Password Rule Settings - Password Protection - Enable password protection on Windows Server Active Directory.
Overview
If set to Yes, password protection is turned on for Active Directory domain controllers when the appropriate agent is installed.
Azure identity & access security best practices - Microsoft Learn
Test script
https://graph.microsoft.com/beta/settings
.values -eq 'True'
Related links
- Open in Graph Explorer
- directorySetting resource type - Microsoft Graph beta | Microsoft Learn
- View in Microsoft Entra admin center
Test Metadata
| Field | Value |
|---|---|
| Test ID | EIDSCA.PR02 |
| Severity | High |
| Suite | Entra ID SCA |
| Category | General |
| PowerShell test | Test-MtEidscaPR02 |
| Tags | EIDSCA, EIDSCA.PR02 |
Source
- Pester test:
tests/EIDSCA/Test-EIDSCA.Generated.Tests.ps1 - PowerShell source:
powershell/internal/eidsca/Test-MtEidscaPR02.ps1