Manage password policies for AWS Managed Microsoft AD
AWS Managed Microsoft AD enables you to define and assign different fine-grained password and account lockout policies (also referred to as fine-grained password policies) for groups of users you manage in your AWS Managed Microsoft AD domain. When you create an AWS Managed Microsoft AD directory, a default domain policy is created and applied to the directory. This policy includes the following settings:
Policy | Setting |
---|---|
Enforce password history | 24 passwords remembered |
Maximum password age | 42 days * |
Minimum password age | 1 day |
Minimum password length | 7 characters |
Password must meet complexity requirements | Enabled |
Store passwords using reversible encryption | Disabled |
* Note: The 42 day maximum password age includes the admin password.
For example, you can assign a less strict policy setting for employees that have access to low sensitivity information only. For senior managers who regularly access confidential information you can apply more strict settings.
AWS provides a set of fine-grained password policies in AWS Managed Microsoft AD that you can
configure and assign to your groups. To configure the policies, you can use standard Microsoft
policy tools such as Active Directory
Administrative Center
Topics
Related AWS Security blog article