- 1 year ago
Terraform script Windows Module set account lockout policy & minimum password length Azure
To set the account lockout policy and minimum password length in Azure Active Directory (AD) using Terraform, you can utilize the Azure AD Provider and the `azuread_password_policy` resource. Here's an example of how you can achieve this:
```hcl
provider "azuread" {
  version = ">= 0.15"
}

resource "azuread_password_policy" "example" {
  display_name               = "Example Password Policy"
  lockout_duration           = "00:30:00"
  lockout_threshold          = 5
  lockout_observation_window = "00:15:00"
  password_minimum_length    = 10
}
```
In this example, the `azuread_password_policy` resource is used to define the password policy settings. The `display_name` field specifies the display name for the password policy.

The `lockout_duration` parameter sets the duration for which an account is locked out after the maximum number of failed login attempts. It is specified in the format of `HH:MM:SS`.

The `lockout_threshold` parameter specifies the number of failed login attempts before an account is locked out.

The `lockout_observation_window` parameter determines the observation window for tracking failed login attempts, also in `HH:MM:SS` format.

The `password_minimum_length` parameter sets the minimum length required for user passwords.

Make sure you have the appropriate version of the Azure AD provider installed. You can update the version in the `provider` block accordingly.

After defining the resource, run `terraform init` and `terraform apply` to deploy the password policy settings to Azure AD.
Note: Keep in mind that these settings apply to Azure AD and not to individual Windows machines. To enforce these policies on Windows machines joined to Azure AD, you need to configure corresponding group policies or use other mechanisms specific to Windows operating systems.
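Because the note above means a Windows machine can still carry a weaker local policy, the following added example (not code from the original page) audits the `[System Access]` section of a `secedit /export /cfg` file against the values used in the Terraform block. The function names and the sample exports are constructed for illustration; the `[System Access]` keys are the ones secedit writes, with timers in minutes.

```python
import configparser

# Baseline copied from the Terraform values on this page.
BASELINE = {"lockout_threshold": 5, "lockout_duration": "00:30:00",
            "lockout_observation_window": "00:15:00", "password_minimum_length": 10}

def hms_to_minutes(value):
    """Convert HH:MM:SS to whole minutes, rounding leftover seconds up."""
    hours, minutes, seconds = (int(part) for part in value.split(":"))
    return hours * 60 + minutes + (1 if seconds else 0)

def parse_system_access(inf_text):
    """Return the integer settings from the [System Access] section."""
    parser = configparser.ConfigParser(interpolation=None, strict=False)
    parser.optionxform = str  # keep key case as exported
    parser.read_string(inf_text.lstrip("\ufeff"))
    if not parser.has_section("System Access"):
        raise ValueError("no [System Access] section in export")
    settings = {}
    for key, raw in parser["System Access"].items():
        try:
            settings[key] = int(raw)
        except ValueError:
            pass  # string settings such as NewAdministratorName
    return settings

def audit(inf_text, baseline=BASELINE):
    """List the settings where the local policy is weaker than the baseline."""
    sa = parse_system_access(inf_text)
    findings = []
    if sa.get("MinimumPasswordLength", 0) < baseline["password_minimum_length"]:
        findings.append("MinimumPasswordLength")
    threshold = sa.get("LockoutBadCount", 0)
    if threshold == 0 or threshold > baseline["lockout_threshold"]:
        findings.append("LockoutBadCount")
        if threshold == 0:  # lockout disabled, so the timers mean nothing
            return findings
    duration = sa.get("LockoutDuration", 0)
    # -1 keeps the account locked until an administrator unlocks it.
    if duration != -1 and duration < hms_to_minutes(baseline["lockout_duration"]):
        findings.append("LockoutDuration")
    if sa.get("ResetLockoutCount", 0) < hms_to_minutes(baseline["lockout_observation_window"]):
        findings.append("ResetLockoutCount")
    return findings

# Constructed sample exports (not captured from a real host).
COMPLIANT = ('[Unicode]\nUnicode=yes\n[System Access]\nMinimumPasswordLength = 10\n'
             'LockoutBadCount = 5\nResetLockoutCount = 15\nLockoutDuration = 30\n'
             'NewAdministratorName = "Administrator"\n')
WEAK = COMPLIANT.replace("Length = 10", "Length = 7").replace("Duration = 30", "Duration = 5")
```

secedit normally writes the export as UTF-16, so read the real file with `open(path, encoding="utf-16")` before passing its text to `audit`.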