适用于 Azure Active Directory 域服务的 Azure Policy 内置定义Azure Policy built-in definitions for Azure Active Directory Domain Services

此页是 Azure Active Directory 域服务的 Azure Policy 内置策略定义的索引。This page is an index of Azure Policy built-in policy definitions for Azure Active Directory Domain Services. 有关其他服务的其他 Azure Policy 内置定义,请参阅 Azure Policy 内置定义For additional Azure Policy built-ins for other services, see Azure Policy built-in definitions.

每个内置策略定义链接(指向 Azure 门户中的策略定义)的名称。The name of each built-in policy definition links to the policy definition in the Azure portal. 使用“版本”列中的链接查看 Azure Policy GitHub 存储库上的源。Use the link in the Version column to view the source on the Azure Policy GitHub repo.

Azure Active Directory 域服务Azure Active Directory Domain Services

名称Name
(Azure 门户)(Azure portal)
说明Description 效果Effect(s) 版本Version
(GitHub)(GitHub)
Azure Active Directory 域服务托管域应使用仅限 TLS 1.2 模式Azure Active Directory Domain Services managed domains should use TLS 1.2 only mode 为托管域使用仅限 TLS 1.2 模式。Use TLS 1.2 only mode for your managed domains. 默认情况下,Azure AD 域服务允许使用 NTLM v1 和 TLS v1 等密码。By default, Azure AD Domain Services enables the use of ciphers such as NTLM v1 and TLS v1. 某些旧版应用程序可能需要这些密码,但这些密码视为弱密码,如果不需要,可以将其禁用。These ciphers may be required for some legacy applications, but are considered weak and can be disabled if you don't need them. 如果启用仅限 TLS 1.2 模式,那么任何发出请求但未使用 TLS 1.2 的客户端都将失败。When TLS 1.2 only mode is enabled, any client making a request that is not using TLS 1.2 will fail. https://docs.azure.cn/active-directory-domain-services/secure-your-domain 处了解详细信息。Learn more at https://docs.azure.cn/active-directory-domain-services/secure-your-domain. Audit、DisabledAudit, Disabled 1.0.01.0.0

后续步骤Next steps