Name/Id: ACF1020 / Microsoft Managed Control 1020
Category: Access Control
Title: Account Management | Role-Based Schemes - Privileged Role Expiration
Ownership: Customer, Microsoft
Description: The organization: Takes actions to terminate the account or remove it from relevant security groups immediately when privileged role assignments are no longer appropriate.
Requirements: Elevated role assignments are no longer appropriate when Azure personnel either no longer need the administrative access to accomplish their task, their allotted JIT time expires, or the personnel are transferred or terminated. In those cases, Azure follows the account management processes to terminate the account or revoke access.
Rule resource types
IF (2)
Microsoft.Resources/subscriptions
Microsoft.Resources/subscriptions/resourceGroups