We need to mitigate the issues that arise with users who have multiple accounts, multiple roles, or shared accounts.
A person who has multiple roles in an organization is the one with multiple accounts. If you have multiple accounts, the privileges in each role and account should be different. Sometimes an enterprise has shared accounts, such as those for consultants or others who come and go. We should make sure we have proper documentation for the shared users.
Users of a shared account can also have multiple accounts and roles in the system.
ACCOUNT POLICY ENFORCEMENTS
We need credential management. It is important to store the credentials in the local system, as some users have multiple roles and passwords to log on to the system. The information (IDs, passwords, etc.) should be stored in the system and encrypted to avoid leakage.
Group Policy is the strategy used to enforce password properties such as complexity, length, and age across the enterprise or Microsoft environment. Your password should include complex and special characters. Each password should expire within 30 or 60 days, and a new password should be generated automatically.
Failed logon attempts by the user should trigger the lockout, whose threshold is generally set between three and five attempts.
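An added example, not part of the original notes: a Python check that reads a local security policy export (the text written by secedit /export) and flags settings that do not match the values above: complexity on, a length requirement set, expiry within 60 days, lockout after three to five failed attempts. The sample policy text and the function name audit_account_policy are constructed for illustration.

```python
import configparser

# Constructed sample in the layout written by `secedit /export /cfg policy.inf`.
# Real exports are UTF-16 files; decode them to str before parsing.
SAMPLE_INF = """\
[System Access]
MinimumPasswordLength = 0
MaximumPasswordAge = 90
PasswordComplexity = 0
LockoutBadCount = 0
[Version]
signature="$CHICAGO$"
Revision=1
"""

def audit_account_policy(inf_text, max_age_days=60, lockout_range=(3, 5)):
    """Return a list of findings; an empty list means the policy matches."""
    parser = configparser.ConfigParser(interpolation=None, strict=False)
    parser.optionxform = str  # keep key names exactly as exported
    parser.read_string(inf_text)
    if not parser.has_section("System Access"):
        return ["no [System Access] section: not a security policy export"]
    section = parser["System Access"]

    def num(key):
        # A missing or non-numeric value counts as "not configured" (None).
        try:
            return int(section.get(key, "").strip())
        except ValueError:
            return None

    findings = []
    if num("PasswordComplexity") != 1:
        findings.append("PasswordComplexity: complexity is not enforced")
    if not num("MinimumPasswordLength"):
        findings.append("MinimumPasswordLength: no length requirement is set")
    age = num("MaximumPasswordAge")  # -1 in an export means "never expires"
    if age is None or not 1 <= age <= max_age_days:
        findings.append(f"MaximumPasswordAge: {age}, expected 1-{max_age_days} days")
    low, high = lockout_range
    lock = num("LockoutBadCount")  # 0 means lockout is disabled
    if lock is None or not low <= lock <= high:
        findings.append(f"LockoutBadCount: {lock}, expected {low}-{high}")
    return findings

if __name__ == "__main__":
    for finding in audit_account_policy(SAMPLE_INF):
        print("FAIL", finding)
```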
User authentication shall be monitored continuously to improve the organization’s output. Security control is the biggest concern, as it could prevent severe data loss.