Implement password expiry & password history & certain number of account lockout for Azure SQL databases
We could see below gaps for Azure SQL Database (for PAAS scenario)
1) There is no Password History
2) There is no Password Expiry
3) There is no Account Lockout set (wherein account will be locked out after certain number of failed attempts) which could lead to bruteforce attacks.
All these above parameters must be addressed and aligned in accordance with Industry Standard.
As discussed with Omeswar Reddy Danwada uploading this idea
Hi Anurag Dikshit,
kindly arrange a mail from Microsoft product team stating that by when it will be fixed.
It seems you guys are not monitoring this portal, If monitoring then keep on updating here as well regarding the progress.
(For security reason i haven't disclosed your email addresses here it doesn't mean that you will simply ignore)
Is Someone from Microsoft is monitoring to fix this ASAP, or just left this idea unattended
Do not close / archive this case until it resolved
However, considering the Azure scope for Microsoft's SCO2 Type II report, this has not even validated in the report.