Non-Human Identity Password Expiration Failure
Non-Human Identities (NHIs) will fail this check if they have not reset their password for 180 days. If needed, adjust the password reset grace period in Custom Detection Settings to align with your organization's procedures. This could increase the accuracy and actionability of check results.
Relying on static, credential-based authentication methods (such as long-lived API keys or passwords) is discouraged because these credentials can be exposed in breaches, code repositories, or logs.
Recommended Actions
Cloud providers often offer credential-less authentication methods (such as intra-cloud access using instance profiles or OIDC federation). It is recommended to use those methods when they are available.
If you are unable to use credential-less authentication methods for reasons such as legacy support, you should enforce a regular credential rotation policy.
Default Settings:
Reset password timeframe (days): 180
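The following is an added example, not part of the original page or the product's own logic: a sketch of how this check can be evaluated over exported identity records. The record layout, the `name` key and the `>=` boundary are assumptions; `lastPasswordChangeDateTime` (Microsoft Graph) and `passwordChanged` (Okta) are the password-change timestamps those platforms expose, and the sample records are constructed.

```python
from datetime import datetime, timezone

RESET_TIMEFRAME_DAYS = 180  # default from this page; adjust to your rotation policy

# Password-change timestamp fields: Microsoft Graph user / Okta user object.
TIMESTAMP_FIELDS = ("lastPasswordChangeDateTime", "passwordChanged")

def _parse(ts):
    """Parse an ISO 8601 timestamp (optionally ending in Z) as aware UTC."""
    dt = datetime.fromisoformat(ts.replace("Z", "+00:00"))
    return dt if dt.tzinfo else dt.replace(tzinfo=timezone.utc)

def evaluate(identity, now, max_age_days=RESET_TIMEFRAME_DAYS):
    """Return (status, age_days) for one NHI record.

    status is 'pass', 'fail', or 'unknown' when no password timestamp exists
    (for example, an identity that only uses federated authentication).
    """
    raw = next((identity[f] for f in TIMESTAMP_FIELDS if identity.get(f)), None)
    if raw is None:
        return "unknown", None
    age = (now - _parse(raw)).days
    # Assumption: an identity fails once the age reaches the threshold.
    return ("fail" if age >= max_age_days else "pass"), age

def failing(identities, now, max_age_days=RESET_TIMEFRAME_DAYS):
    """List (name, age_days) for failing identities, stalest first."""
    hits = []
    for ident in identities:
        status, age = evaluate(ident, now, max_age_days)
        if status == "fail":
            hits.append((ident["name"], age))
    return sorted(hits, key=lambda item: -item[1])

# Constructed sample records (hypothetical service accounts).
SAMPLE = [
    {"name": "svc-backup", "lastPasswordChangeDateTime": "2024-01-10T08:00:00Z"},
    {"name": "svc-ci", "passwordChanged": "2024-11-01T12:30:00.000Z"},
    {"name": "svc-federated", "passwordChanged": None},
    {"name": "svc-legacy-etl", "passwordChanged": "2023-06-15T00:00:00Z"},
]
NOW = datetime(2025, 1, 1, tzinfo=timezone.utc)  # fixed for reproducibility

if __name__ == "__main__":
    for name, age in failing(SAMPLE, NOW):
        print(f"FAIL {name}: password unchanged for {age} days")
```

Records that return `unknown` are worth reviewing separately, since a missing timestamp can mean either credential-less authentication or a password that was never rotated.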
Compatibility
Microsoft Entra ID, Okta