Update passwordless strategy documentation

Paolo Matarazzo 2024-01-29 09:15:52 -05:00
parent 1947caccb2
commit b2beb5f07b
2 changed files with 5 additions and 2 deletions


@ -41,9 +41,9 @@ Some organizations empower their users to write this information, while some mig
Your test users provided you valuable with information that describes how, what, why, and when they use a password. It's now time for your team to identify each of these password use cases and understand why the user must use a password.\
Create a list of the scenarios. Each scenario should have a clear problem statement. Name the scenario with a one-sentence summary of the problem statement. Include in the scenario the results of your team's investigation as to why the user is asked to provide a password. Include relevant, but accurate details. If the scenario is policy or procedure-driven, then include the name and section of the policy that dictates why the workflow uses a password.
Your test users won't uncover all scenarios, therefore you must force on some uncommon scenarios. Remember to include the following:
Your test users won't uncover all scenarios, therefore you must force on them some uncommon scenarios. Remember to include the following:
- Provision a new user without a password
- Provision a new user with an unknown password
- Users who forget the PIN or other remediation flows when the strong credential is unusable
Next, review your list of scenarios. You can start with the workflows that are dictated by process or policy, or you can begin with workflows that need technical solutions, whichever of the two is easier or quicker. This choice varies by organization.
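Review bot: the rewritten line still reads awkwardly; "you must force on them some uncommon scenarios" would be clearer as "you must also cover some uncommon scenarios yourself", since the point is that the team, not the test users, has to add these cases to the list. While touching this paragraph, the context line above it carries a word-order slip that the hunk leaves in place: "provided you valuable with information" should be "provided you with valuable information". Both fixes belong in this same documentation change.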


@ -125,6 +125,9 @@ Set-ADAccountPassword -identity $userId -NewPassword $NewPassword -Reset
If your organizational policies allow it, you can configure the randomized passwords to never expire, or use a long expiration period. This configuration prevents the user from being prompted to change their password.
> [!CAUTION]
> Execute the script only from a secure and trusted environment, and ensure that the script is not logged. Treat the host where the script is executed as a privileged host, with the same level of security as a domain controller.
### Password rotation
Consider implementing automation to rotate the user's password regularly. This approach ensures that the user's password is always randomized and prevents the user from knowing the password.
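Review bot: the new caution says "ensure that the script is not logged", which is too vague for a reader to act on; state what must not be captured (the clear-text value that ends up in `$NewPassword`) and where it could be captured (PowerShell transcripts, script block logging, console history, or any job scheduler that records command output), and suggest the reader check those sources on the host before running the script. The context line `Set-ADAccountPassword -identity $userId -NewPassword $NewPassword -Reset` also shows `-identity` in lowercase while the other parameters are PascalCase; `-Identity` would be consistent with the surrounding cmdlet style.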