Query: azuread_user_password_not_set_to_expire

Usage

powerpipe query microsoft365_compliance.query.azuread_user_password_not_set_to_expire

Steampipe Tables

azuread_user

SQL

select
  id as resource,
  case
    when user_type != 'Member' then 'skip'
    when password_policies like '%DisablePasswordExpiration%' then 'ok'
    else 'alarm'
  end as status,
  case
    when user_type != 'Member' then display_name || ' is ' || user_type || ' user.'
    when password_policies like '%DisablePasswordExpiration%' then display_name || ' has password expiration disabled.'
    else display_name || ' has password expiration enabled.'
  end as reason,
  tenant_id as tenant_id
from
  azuread_user;

Controls

The query is being used by the following controls:

1.5 Ensure that Office 365 Passwords Are Not Set to Expire
1.4 Ensure that Office 365 Passwords Are Not Set to Expire
1.4 Ensure the 'Password expiration policy' is set to 'Set passwords to never expire
1.3.1 Ensure the 'Password expiration policy' is set to 'Set passwords to never expire'