Password Length Discrepancy in CIS Microsoft Windows Server Hardened Images on Azure


Product Name

CIS Hardened Images® (Azure)

Product Version

 

Date

Feb 10, 2023



Problem

The minimum password length requirement for CIS Microsoft Windows Server Hardened Images on Azure is 14, which conflicts with Azure’s minimum password length requirement of 12.

Solution

CIS Hardened Images are configured to meet the best practices outlined within the CIS Benchmarks. All CIS Benchmarks adhere to a CIS recommended 14-character password length. However, to make it more readily available to end users moving forward, we will be updating our usage guidance and overview sections on all of the CIS Microsoft Windows Server Hardened Images on Azure. Additionally, we are working with Azure Support to clear up the password length discrepancy. Thank you for the feedback and data points, as this will help guide our documentation moving forward.

Please see the following Microsoft article for help in resetting the password: Reset Remote Desktop Services or its administrator password in a Windows VM.

Keywords; Microsoft Azure minimum password length requirement CIS Hardened Images

Content by Label


Copyright © 2020

Center for Internet Security®