last sync: 2024-Jul-16 18:17:33 UTC

Microsoft Managed Control 1020 - Account Management | Role-Based Schemes | Regulatory Compliance - Access Control

Azure BuiltIn Policy definition

Source Azure Portal
Display name Microsoft Managed Control 1020 - Account Management | Role-Based Schemes
Id 0b291ee8-3140-4cad-beb7-568c077c78ce
Version 1.0.0
Details on versioning
Category Regulatory Compliance
Microsoft Learn
Description Microsoft implements this Access Control control
Additional metadata Name/Id: ACF1020 / Microsoft Managed Control 1020
Category: Access Control
Title: Account Management | Role-Based Schemes - Privileged Role Expiration
Ownership: Customer, Microsoft
Description: The organization: Takes actions to terminate the account or remove it from relevant security groups immediately when privileged role assignments are no longer appropriate.
Requirements: Elevated role assignments are no longer appropriate when Azure personnel either no longer need the administrative access to accomplish their task, their allotted JIT time expires, or the personnel are transferred or terminated. In those cases, Azure follows the account management processes to terminate the account or revoke access.
Mode Indexed
Type Static
Preview False
Deprecated False
Effect Fixed
audit
RBAC role(s) none
Rule aliases none
Rule resource types IF (2)
Microsoft.Resources/subscriptions
Microsoft.Resources/subscriptions/resourceGroups
Compliance Not a Compliance control
Initiatives usage none
History none
JSON compare n/a
JSON
api-version=2021-06-01
EPAC