Feature Request: Password Policy Enforcement for Veeam Backup for AWS Portal Users

[BennyDC]

Feature Request: Password Policy Enforcement for Veeam Backup for AWS Portal Users

We would like to request support for configurable password policy enforcement for local console users in Veeam Backup for AWS.

At present, the portal allows user creation and role assignment, but it does not provide native controls for enforcing password governance requirements. This creates a gap for organisations operating under internal security standards and external audit/compliance frameworks.
Requested functionality

Please add configurable password policy controls for locally managed portal accounts, including:
Password expiration / rotation period (for example, every 90 days)
Minimum password length
Password complexity requirements
Password history / prevention of password reuse
Account lockout after a defined number of failed login attempts
Lockout duration and/or administrator unlock option
Optional warning period before password expiry
Business / compliance justification

These controls are required to meet common enterprise security and compliance requirements, including internal audit standards and wider governance frameworks. Without native support, customers must rely on manual operational workarounds or avoid using local authentication entirely, which is not always practical in all deployment scenarios.
The lack of enforceable password controls introduces the following issues:
Inability to demonstrate compliance with password management requirements
Increased operational overhead through manual password rotation processes
Greater risk associated with weak, reused, or non-expiring credentials
Difficulty applying consistent security standards across backup platforms
Expected outcome

Native password policy enforcement within the Veeam Backup for AWS portal would allow organisations to:
Align the product with standard enterprise security baselines
Reduce audit findings and compliance exceptions
Improve the security posture of local administrative access
Minimise reliance on procedural controls where technical controls are expected
Suggested enhancement options

Ideally, these controls should be available in the portal UI and/or via API, with policy settings configurable at the appliance or tenant level depending on product architecture.

Priority

This is a compliance-driven requirement and would be considered a high-priority enhancement for environments subject to regulated security controls.

[nielsengelen]

Hi Benny,

Your request is noted. We'll look into what we can implement as future enhancement.