| Source | Azure Portal | ||
| Display name | Microsoft Managed Control 1333 - Authenticator Management | Pki-Based Authentication | ||
| Id | 3298d6bf-4bc6-4278-a95d-f7ef3ac6e594 | ||
| Version | 1.0.0 Details on versioning |
||
| Category | Regulatory Compliance Microsoft Learn |
||
| Description | Microsoft implements this Identification and Authentication control | ||
| Additional metadata |
Name/Id: ACF1333 / Microsoft Managed Control 1333 Category: Identification and Authentication Title: Authenticator Management | Pki-Based Authentication - Trusted Anchor Path Ownership: Customer, Microsoft Description: The information system, for PKI-based authentication: Validates certifications by constructing and verifying a certification path to an accepted trust anchor including checking certificate status information; Requirements: Microsoft’s corporate PKI has been established to provide a variety of digital certificate services to support operations for Azure and for the Microsoft corporation. The Microsoft corporate PKI functions as the Certificate Authority (CA) and Registration Authority (RA) and provides directory services to manage keys and certificates. The certificates are signed by an internal Microsoft CA and are validated against that CA's public key. Azure also checks certificates against certificate revocation lists. PKI certificates are stored within smart cards and authorized access to the corresponding private keys are enforced. Access to certs is restricted via PIN requirements to gain access to the certificate stored on the card. The Azure PKI intermediate CA servers are members of only internally rooted PKI chains, permitting the issuance of certificates to users and computers within the Azure AD environments. Azure validates the certificates by constructing a certification path with status information to an accepted trust anchor. |
||
| Mode | Indexed | ||
| Type | Static | ||
| Preview | False | ||
| Deprecated | False | ||
| Effect | Fixed audit |
||
| RBAC role(s) | none | ||
| Rule aliases | none | ||
| Rule resource types | IF (2) Microsoft.Resources/subscriptions Microsoft.Resources/subscriptions/resourceGroups |
||
| Compliance | Not a Compliance control | ||
| Initiatives usage | none | ||
| History | none | ||
| JSON compare | n/a | ||
| JSON |
|