last sync: 2024-Feb-21 20:03:25 UTC

Microsoft Managed Control 1111 - Response To Audit Processing Failures | Regulatory Compliance - Audit and Accountability

Azure BuiltIn Policy definition

Source Azure Portal
Display name Microsoft Managed Control 1111 - Response To Audit Processing Failures
Id 21de687c-f15e-4e51-bf8d-f35c8619965b
Version 1.0.0
Category Regulatory Compliance
Description Microsoft implements this Audit and Accountability control
Additional metadata Name/Id: ACF1111 / Microsoft Managed Control 1111
Category: Audit and Accountability
Title: Response to Audit Processing Failures - Alerts
Ownership: Customer, Microsoft
Description: The information system: Alerts Service Engineer Operations personnel, Microsoft Azure Security if confirmed in the event of an audit processing failure; and
Requirements: The Geneva Monitoring Agent (MA) is responsible for capturing log events and storing them in storage accounts specific to each service team. Incident Management (IcM) is an automated mechanism for scanning log storage and raising alerts when specific predefined criteria are met. IcM generates email notifications and creates a corresponding IcM ticket for action. IcM actively monitors Azure based on the filters and the thresholds identified within the rules defined by the Azure Security team and respective service teams. Key alerts include, but are not limited to, if AzSecPack is not installed, if audit data is not being received, and if the data decreases by a specific percentage, indicating an audit logging failure somewhere in the log pipeline. All alerts follow the incident management procedures, which include analysis to determine whether further action is necessary by either the service team or Security Response Team.
Mode Indexed
Type Static
Preview False
Deprecated False
Effect Fixed
RBAC role(s) none
Rule aliases none
Rule resource types IF (2)
Compliance Not a Compliance control
Initiatives usage none
History none
JSON compare n/a