Azure CIS policies with ADDS Joined VMs

%3CLINGO-SUB%20id%3D%22lingo-sub-2257471%22%20slang%3D%22en-US%22%3EAzure%20CIS%20policies%20with%20ADDS%20Joined%20VMs%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-2257471%22%20slang%3D%22en-US%22%3E%3CP%3EI'm%20having%20problems%20with%202%20specific%20CIS%20policies%20that%20I%20can't%20seems%20to%20remediate.%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CP%3EThe%202%20policies%20are%20as%20follows%3B%3C%2FP%3E%3CP%3E1.%26nbsp%3B%3CSPAN%3ECCE-37167-4%20--%26nbsp%3BEnsure%20'Maximum%20password%20age'%20is%20set%20to%20'70%20or%20fewer%20days%2C%20but%20not%200'%3C%2FSPAN%3E%3C%2FP%3E%3CP%3E%3CSPAN%3E2.%26nbsp%3BCCE-36534-6%20--%26nbsp%3BEnsure%20'Minimum%20password%20length'%20is%20set%20to%20'14%20or%20more%20character(s)'%3C%2FSPAN%3E%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CP%3E%3CSPAN%3EAs%20my%20VMs%20are%20domain%20joined%20to%20an%20ADDS%20managed%20domain%20these%20two%20(2)%20settings%20are%20inherited%20from%20them%20and%20are%20not%20changeable%20from%20what%20I've%20read.%20I%20have%20also%20tried%20to%20influence%20these%20values%20from%20O365%20admin%20portal%20with%20no%20resolve.%3C%2FSPAN%3E%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CP%3E%3CSPAN%3EMy%20question%20is%20how%20do%20I%20remediate%20these%20or%20remove%20them%20from%20the%20recommendations%26nbsp%3Bif%20I%20don't%20have%20control%20over%20there%20values%3F%20Dismissing%20them%20does%20not%20remove%20them%20from%20the%20recommendations%26nbsp%3Bunfortunately.%3C%2FSPAN%3E%3C%2FP%3E%3C%2FLINGO-BODY%3E
New Contributor

I'm having problems with 2 specific CIS policies that I can't seems to remediate.

 

The 2 policies are as follows;

1. CCE-37167-4 -- Ensure 'Maximum password age' is set to '70 or fewer days, but not 0'

2. CCE-36534-6 -- Ensure 'Minimum password length' is set to '14 or more character(s)'

 

As my VMs are domain joined to an ADDS managed domain these two (2) settings are inherited from them and are not changeable from what I've read. I have also tried to influence these values from O365 admin portal with no resolve.

 

My question is how do I remediate these or remove them from the recommendations if I don't have control over there values? Dismissing them does not remove them from the recommendations unfortunately.

3 Replies

Hi @WHendrickson 

 

Dismissing a CCEID changes the status of an item to "dismissed" and hides it from the dashboard.

If you still see it, please make sure your filter set to not display dismissed items:

 

2021-04-08_14-27-05.jpg

@Stanislav Belov 

 

You are correct that they are hidden if dismissed however they are not removed from your secure score and regulatory compliance scores.

 

I'm looking at how to be exempt from these policies if I can't control them so they don't reflect negatively against our scores.

 

Thanks,

@WHendrickson 

 

In this case you can either disable certain rules (disabled findings won't be counted towards your secure score) or exempt the whole recommendation (not recommended):
https://docs.microsoft.com/en-us/azure/security-center/remediate-vulnerability-findings-vm?WT.mc_id=...