last sync: 2025-Sep-10 17:22:52 UTC

Audit Windows machines missing any of specified members in the Administrators group

Azure BuiltIn Policy definition

Source Azure Portal
Display name Audit Windows machines missing any of specified members in the Administrators group
Id 30f71ea1-ac77-4f26-9fc5-2d926bbd4ba7
Version 2.0.0
Details on versioning
Versioning Versions supported for Versioning: 1
2.0.0
Built-in Versioning [Preview]
Category Guest Configuration
Microsoft Learn
Description Requires that prerequisites are deployed to the policy assignment scope. For details, visit https://aka.ms/gcpol. Machines are non-compliant if the local Administrators group does not contain one or more members that are listed in the policy parameter.
Cloud environments AzureCloud = true
AzureUSGovernment = true
AzureChinaCloud = unknown
Available in AzUSGov The Policy is available in AzureUSGovernment cloud. Version: '1.0.0'
Repository: Azure-Policy 30f71ea1-ac77-4f26-9fc5-2d926bbd4ba7
Mode Indexed
Type BuiltIn
Preview False
Deprecated False
Effect Fixed
auditIfNotExists
RBAC role(s) none
Rule aliases IF (7)
Alias Namespace ResourceType Path PathIsDefault DefaultPath Modifiable
Microsoft.Compute/imageOffer Microsoft.Compute
Microsoft.Compute
Microsoft.Compute
virtualMachines
virtualMachineScaleSets
disks
properties.storageProfile.imageReference.offer
properties.virtualMachineProfile.storageProfile.imageReference.offer
properties.creationData.imageReference.id
True
True
True


False
False
False
Microsoft.Compute/imagePublisher Microsoft.Compute
Microsoft.Compute
Microsoft.Compute
virtualMachines
virtualMachineScaleSets
disks
properties.storageProfile.imageReference.publisher
properties.virtualMachineProfile.storageProfile.imageReference.publisher
properties.creationData.imageReference.id
True
True
True


False
False
False
Microsoft.Compute/imageSKU Microsoft.Compute
Microsoft.Compute
Microsoft.Compute
virtualMachines
virtualMachineScaleSets
disks
properties.storageProfile.imageReference.sku
properties.virtualMachineProfile.storageProfile.imageReference.sku
properties.creationData.imageReference.id
True
True
True


False
False
False
Microsoft.Compute/virtualMachines/osProfile.windowsConfiguration Microsoft.Compute virtualMachines properties.osProfile.windowsConfiguration True True
Microsoft.Compute/virtualMachines/storageProfile.osDisk.osType Microsoft.Compute virtualMachines properties.storageProfile.osDisk.osType True True
Microsoft.ConnectedVMwarevSphere/virtualMachines/osProfile.osType Microsoft.ConnectedVMwarevSphere virtualmachines properties.osProfile.osType True False
Microsoft.HybridCompute/imageOffer Microsoft.HybridCompute machines properties.osName True False
THEN-ExistenceCondition (2)
Alias Namespace ResourceType Path PathIsDefault DefaultPath Modifiable
Microsoft.GuestConfiguration/guestConfigurationAssignments/complianceStatus Microsoft.GuestConfiguration guestConfigurationAssignments properties.complianceStatus True False
Microsoft.GuestConfiguration/guestConfigurationAssignments/parameterHash Microsoft.GuestConfiguration guestConfigurationAssignments properties.parameterHash True False
Rule resource types IF (3)
Compliance
The following 22 compliance controls are associated with this Policy definition 'Audit Windows machines missing any of specified members in the Administrators group' (30f71ea1-ac77-4f26-9fc5-2d926bbd4ba7)
Control Domain Control Name MetadataId Category Title Owner Requirements Description Info Policy#
Azure_Security_Benchmark_v1.0 3.3 Azure_Security_Benchmark_v1.0_3.3 Azure Security Benchmark 3.3 Identity and Access Control Use dedicated administrative accounts Customer Create standard operating procedures around the use of dedicated administrative accounts. Use Azure Security Center Identity and Access Management to monitor the number of administrative accounts. You can also enable a Just-In-Time / Just-Enough-Access by using Microsoft Entra Privileged Identity Management Privileged Roles for Microsoft Services, and Azure Resource Manager. Learn more: https://docs.microsoft.com/azure/active-directory/privileged-identity-management/ n/a link 5
CCCS AC-5 CCCS_AC-5 CCCS AC-5 Access Control Separation of Duties n/a (A) The organization: (a) Separate organization-defined duties of individuals including at least separation of operational, development, security monitoring, and management functions; (b) Documents separation of duties of individuals; and (c) Defines information system access authorizations to support separation of duties. link 7
CCCS AC-6 CCCS_AC-6 CCCS AC-6 Access Control Least Privilege n/a (A) The organization employs the principle of least privilege, allowing only authorized accesses for users (or processes acting on behalf of users) which are necessary to accomplish assigned tasks in accordance with organizational missions and business functions. link 7
CMMC_L2_v1.9.0 AU.L2_3.3.1 CMMC_L2_v1.9.0_AU.L2_3.3.1 Cybersecurity Maturity Model Certification (CMMC) Level 2 v1.9.0 AU.L2 3.3.1 Audit and Accountability System Auditing Shared Create and retain system audit logs and records to the extent needed to enable the monitoring, analysis, investigation, and reporting of unlawful or unauthorized system activity. To enhance security and accountability measures. 40
CMMC_L2_v1.9.0 AU.L2_3.3.3 CMMC_L2_v1.9.0_AU.L2_3.3.3 Cybersecurity Maturity Model Certification (CMMC) Level 2 v1.9.0 AU.L2 3.3.3 Audit and Accountability Event Review Shared Review and update logged events. To enhance the effectiveness of security measures. 33
CMMC_L2_v1.9.0 IA.L1_3.5.1 CMMC_L2_v1.9.0_IA.L1_3.5.1 Cybersecurity Maturity Model Certification (CMMC) Level 2 v1.9.0 IA.L1 3.5.1 Identification and Authentication Identification Shared Identify information system users, processes acting on behalf of users, or devices. To enable effective monitoring, authentication, and access control measures to be implemented within the system. 23
CMMC_L2_v1.9.0 PS.L2_3.9.2 CMMC_L2_v1.9.0_PS.L2_3.9.2 Cybersecurity Maturity Model Certification (CMMC) Level 2 v1.9.0 PS.L2 3.9.2 Personnel Security Personnel Actions Shared Ensure that organizational systems containing CUI are protected during and after personnel actions such as terminations and transfers. To ensure that organizational systems containing CUI are protected during and after personnel actions, such as terminations and transfers. 17
CMMC_L3 AC.3.017 CMMC_L3_AC.3.017 CMMC L3 AC.3.017 Access Control Separate the duties of individuals to reduce the risk of malevolent activity without collusion. Shared Microsoft and the customer share responsibilities for implementing this requirement. Separation of duties addresses the potential for abuse of authorized privileges and helps to reduce the risk of malevolent activity without collusion. Separation of duties includes dividing mission functions and system support functions among different individuals or roles; conducting system support functions with different individuals (e.g., configuration management, quality assurance and testing, system management, programming, and network security); and ensuring that security personnel administering access control functions do not also administer audit functions. Because separation of duty violations can span systems and application domains, organizations consider the entirety of organizational systems and system components when developing policy on separation of duties. link 4
hipaa 11211.01q2Organizational.11-01.q hipaa-11211.01q2Organizational.11-01.q 11211.01q2Organizational.11 - 01.q User Identification and Authentication Signed electronic records shall contain information associated with the signing in human-readable format. Customer n/a Azure does not implement identification codes and electronic signatures, per FDA CFR 21 Part 11. 1
hipaa 1127.01q2System.3-01.q hipaa-1127.01q2System.3-01.q 1127.01q2System.3-01.q 11 Access Control 1127.01q2System.3-01.q 01.05 Operating System Access Control Shared n/a Where tokens are provided for multi-factor authentication, in-person verification is required prior to granting access. 2
IRS_1075_9.3 .1.5 IRS_1075_9.3.1.5 IRS 1075 9.3.1.5 Access Control Separation of Duties (AC-5) n/a The agency must: a. Separate duties of individuals to prevent harmful activity without collusion b. Document separation of duties of individuals c. Define information system access authorizations to support separation of duties link 7
IRS_1075_9.3 .1.6 IRS_1075_9.3.1.6 IRS 1075 9.3.1.6 Access Control Least Privilege (AC-6) n/a The agency must: a. Employ the principle of least privilege, allowing only authorized accesses for users (or processes acting on behalf of users) that are necessary to accomplish assigned tasks in accordance with agency missions and business functions b. Explicitly authorize access to FTI (CE1) c. Require that users of information system accounts, or roles, with access to FTI, use non-privileged accounts or roles when accessing non-security functions (CE2) d. Restrict privileged accounts on the information system to a limited number of individuals with a need to perform administrative duties (CE5) The information system must: a. Audit the execution of privileged functions (CE9) b. Prevent non-privileged users from executing privileged functions; including disabling, circumventing, or altering implemented security safeguards/countermeasures (CE10) link 7
NIST_SP_800-171_R2_3 .1.4 NIST_SP_800-171_R2_3.1.4 NIST SP 800-171 R2 3.1.4 Access Control Separate the duties of individuals to reduce the risk of malevolent activity without collusion. Shared Microsoft and the customer share responsibilities for implementing this requirement. Separation of duties addresses the potential for abuse of authorized privileges and helps to reduce the risk of malevolent activity without collusion. Separation of duties includes dividing mission functions and system support functions among different individuals or roles; conducting system support functions with different individuals (e.g., configuration management, quality assurance and testing, system management, programming, and network security); and ensuring that security personnel administering access control functions do not also administer audit functions. Because separation of duty violations can span systems and application domains, organizations consider the entirety of organizational systems and system components when developing policy on separation of duties. link 6
NZISM_Security_Benchmark_v1.1 AC-11 NZISM_Security_Benchmark_v1.1_AC-11 NZISM Security Benchmark AC-11 Access Control and Passwords 16.4.30 Privileged Access Management Customer Agencies MUST establish a Privileged Access Management (PAM) policy. Within the context of agency operations, the agency’s PAM policy MUST define: a privileged account; and privileged access. Agencies MUST manage Privileged Accounts in accordance with the Agency’s PAM Policy. A fundamental part of any security policy is the inclusion of requirements for the treatment of Privileged Accounts. This is most conveniently contained in a Privileged Access Management (PAM) section within the agency’s security policy. A PAM policy is a fundamental component of an agency’s IT Governance. link 9
PCI_DSS_v4.0.1 10.4.2.1 PCI_DSS_v4.0.1_10.4.2.1 PCI DSS v4.0.1 10.4.2.1 Log and Monitor All Access to System Components and Cardholder Data Frequency of Log Reviews Shared n/a The frequency of periodic log reviews for all other system components (not defined in Requirement 10.4.1) is defined in the entity’s targeted risk analysis, which is performed according to all elements specified in Requirement 12.3.1 25
PCI_DSS_v4.0.1 7.2.1 PCI_DSS_v4.0.1_7.2.1 PCI DSS v4.0.1 7.2.1 Restrict Access to System Components and Cardholder Data by Business Need to Know An access control model is defined and includes granting access as follows: Appropriate access depending on the entity’s business and access needs. Access to system components and data resources that is based on users’ job classification and functions. The least privileges required (for example, user, administrator) to perform a job function Shared n/a Examine documented policies and procedures and interview personnel to verify the access control model is defined in accordance with all elements specified in this requirement. Examine access control model settings and verify that access needs are appropriately defined in accordance with all elements specified in this requirement 43
PCI_DSS_v4.0.1 7.2.2 PCI_DSS_v4.0.1_7.2.2 PCI DSS v4.0.1 7.2.2 Restrict Access to System Components and Cardholder Data by Business Need to Know Access is assigned to users, including privileged users, based on: Job classification and function. Least privileges necessary to perform job responsibilities Shared n/a Examine policies and procedures to verify they cover assigning access to users in accordance with all elements specified in this requirement. Examine user access settings, including for privileged users, and interview responsible management personnel to verify that privileges assigned are in accordance with all elements specified in this requirement. Interview personnel responsible for assigning access to verify that privileged user access is assigned in accordance with all elements specified in this requirement 43
PCI_DSS_v4.0.1 7.2.3 PCI_DSS_v4.0.1_7.2.3 PCI DSS v4.0.1 7.2.3 Restrict Access to System Components and Cardholder Data by Business Need to Know Required privileges are approved by authorized personnel Shared n/a Examine policies and procedures to verify they define processes for approval of all privileges by authorized personnel. Examine user IDs and assigned privileges, and compare with documented approvals to verify that: Documented approval exists for the assigned privileges. The approval was by authorized personnel. Specified privileges match the roles assigned to the individual 38
PCI_DSS_v4.0.1 7.2.4 PCI_DSS_v4.0.1_7.2.4 PCI DSS v4.0.1 7.2.4 Restrict Access to System Components and Cardholder Data by Business Need to Know All user accounts and related access privileges, including third-party/vendor accounts, are reviewed as follows: At least once every six months. To ensure user accounts and access remain appropriate based on job function. Any inappropriate access is addressed. Management acknowledges that access remains appropriate Shared n/a Examine policies and procedures to verify they define processes to review all user accounts and related access privileges, including third-party/vendor accounts, in accordance with all elements specified in this requirement. Interview responsible personnel and examine documented results of periodic reviews of user accounts to verify that all the results are in accordance with all elements specified in this requirement 40
PCI_DSS_v4.0.1 7.2.5 PCI_DSS_v4.0.1_7.2.5 PCI DSS v4.0.1 7.2.5 Restrict Access to System Components and Cardholder Data by Business Need to Know All application and system accounts and related access privileges are assigned and managed as follows: Based on the least privileges necessary for the operability of the system or application. Access is limited to the systems, applications, or processes that specifically require their use Shared n/a Examine policies and procedures to verify they define processes to manage and assign application and system accounts and related access privileges in accordance with all elements specified in this requirement. Examine privileges associated with system and application accounts and interview responsible personnel to verify that application and system accounts and related access privileges are assigned and managed in accordance with all elements specified in this requirement 44
PCI_DSS_v4.0.1 7.2.5.1 PCI_DSS_v4.0.1_7.2.5.1 PCI DSS v4.0.1 7.2.5.1 Restrict Access to System Components and Cardholder Data by Business Need to Know All access by application and system accounts and related access privileges are reviewed as follows: Periodically (at the frequency defined in the entity’s targeted risk analysis, which is performed according to all elements specified in Requirement 12.3.1). The application/system access remains appropriate for the function being performed. Any inappropriate access is addressed. Management acknowledges that access remains appropriate Shared n/a Examine policies and procedures to verify they define processes to review all application and system accounts and related access privileges in accordance with all elements specified in this requirement. Examine the entity’s targeted risk analysis for the frequency of periodic reviews of application and system accounts and related access privileges to verify the risk analysis was performed in accordance with all elements specified in Requirement 12.3.1. Interview responsible personnel and examine documented results of periodic reviews of system and application accounts and related privileges to verify that the reviews occur in accordance with all elements specified in this requirement 39
PCI_DSS_v4.0.1 7.2.6 PCI_DSS_v4.0.1_7.2.6 PCI DSS v4.0.1 7.2.6 Restrict Access to System Components and Cardholder Data by Business Need to Know All user access to query repositories of stored cardholder data is restricted as follows: Via applications or other programmatic methods, with access and allowed actions based on user roles and least privileges. Only the responsible administrator(s) can directly access or query repositories of stored CHD Shared n/a Examine policies and procedures and interview personnel to verify processes are defined for granting user access to query repositories of stored cardholder data, in accordance with all elements specified in this requirement. Examine configuration settings for querying repositories of stored cardholder data to verify they are in accordance with all elements specified in this requirement 41
Initiatives usage
Initiative DisplayName Initiative Id Initiative Category State Type polSet in AzUSGov
[Deprecated]: Azure Security Benchmark v1 42a694ed-f65e-42b2-aa9e-8052e9740a92 Regulatory Compliance Deprecated BuiltIn true
[Deprecated]: DoD Impact Level 4 8d792a84-723c-4d92-a3c3-e4ed16a2d133 Regulatory Compliance Deprecated BuiltIn true
[Deprecated]: New Zealand ISM Restricted d1a462af-7e6d-4901-98ac-61570b4ed22a Regulatory Compliance Deprecated BuiltIn unknown
[Preview]: SWIFT CSP-CSCF v2020 3e0c67fc-8c7c-406c-89bd-6b6bdc986a22 Regulatory Compliance Preview BuiltIn unknown
Canada Federal PBMM 4c4a5f27-de81-430b-b4e5-9cbd50595a87 Regulatory Compliance GA BuiltIn unknown
CMMC Level 3 b5629c75-5c77-4422-87b9-2509e680f8de Regulatory Compliance GA BuiltIn true
Cybersecurity Maturity Model Certification (CMMC) Level 2 v1.9.0 a4087154-2edb-4329-b56a-1cc986807f3c Regulatory Compliance GA BuiltIn unknown
HITRUST/HIPAA a169a624-5599-4385-a696-c8d643089fab Regulatory Compliance GA BuiltIn unknown
IRS1075 September 2016 105e0327-6175-4eb2-9af4-1fba43bdb39d Regulatory Compliance GA BuiltIn true
NIST SP 800-171 Rev. 2 03055927-78bd-4236-86c0-f36125a10dc9 Regulatory Compliance GA BuiltIn true
PCI DSS v4.0.1 a06d5deb-24aa-4991-9d58-fa7563154e31 Regulatory Compliance GA BuiltIn unknown
History
Date/Time (UTC ymd) (i) Change type Change detail
2022-01-28 17:51:01 change Major (1.0.0 > 2.0.0)
2020-09-09 11:24:03 add 30f71ea1-ac77-4f26-9fc5-2d926bbd4ba7
JSON compare
compare mode: version left: version right:
JSON
api-version=2021-06-01
EPAC