# Fine-Grained Password Policy Definitions (PSOs)
# Override Default Domain Policy for specific groups.
# Lower Precedence number = higher priority.

@(
    @{
        Name                        = 'PSO-MasterAdmins'
        Description                 = 'Strict password policy for Tier 0 admin accounts'
        Precedence                  = 10
        MinPasswordLength           = 16
        PasswordHistoryCount        = 48
        MaxPasswordAge              = '30.00:00:00'
        MinPasswordAge              = '1.00:00:00'
        ComplexityEnabled           = $true
        ReversibleEncryptionEnabled = $false
        LockoutThreshold            = 3
        LockoutDuration             = '00:30:00'
        LockoutObservationWindow    = '00:30:00'
        AppliesTo                   = @('MasterAdmins')
    }

    @{
        Name                        = 'PSO-DelegatedAdmins'
        Description                 = 'Moderate password policy for helpdesk admins'
        Precedence                  = 20
        MinPasswordLength           = 12
        PasswordHistoryCount        = 24
        MaxPasswordAge              = '42.00:00:00'
        MinPasswordAge              = '1.00:00:00'
        ComplexityEnabled           = $true
        ReversibleEncryptionEnabled = $false
        LockoutThreshold            = 5
        LockoutDuration             = '00:30:00'
        LockoutObservationWindow    = '00:30:00'
        AppliesTo                   = @('DelegatedAdmins')
    }
)