last sync: 2024-May-24 18:03:04 UTC

Microsoft Managed Control 1333 - Authenticator Management | Pki-Based Authentication | Regulatory Compliance - Identification and Authentication

Azure BuiltIn Policy definition

Source Azure Portal
Display name Microsoft Managed Control 1333 - Authenticator Management | Pki-Based Authentication
Id 3298d6bf-4bc6-4278-a95d-f7ef3ac6e594
Version 1.0.0
Details on versioning
Category Regulatory Compliance
Microsoft Learn
Description Microsoft implements this Identification and Authentication control
Additional metadata Name/Id: ACF1333 / Microsoft Managed Control 1333
Category: Identification and Authentication
Title: Authenticator Management | Pki-Based Authentication - Trusted Anchor Path
Ownership: Customer, Microsoft
Description: The information system, for PKI-based authentication: Validates certifications by constructing and verifying a certification path to an accepted trust anchor including checking certificate status information;
Requirements: Microsoft’s corporate PKI has been established to provide a variety of digital certificate services to support operations for Azure and for the Microsoft corporation. The Microsoft corporate PKI functions as the Certificate Authority (CA) and Registration Authority (RA) and provides directory services to manage keys and certificates. The certificates are signed by an internal Microsoft CA and are validated against that CA's public key. Azure also checks certificates against certificate revocation lists. PKI certificates are stored within smart cards and authorized access to the corresponding private keys are enforced. Access to certs is restricted via PIN requirements to gain access to the certificate stored on the card. The Azure PKI intermediate CA servers are members of only internally rooted PKI chains, permitting the issuance of certificates to users and computers within the Azure AD environments. Azure validates the certificates by constructing a certification path with status information to an accepted trust anchor.
Mode Indexed
Type Static
Preview False
Deprecated False
Effect Fixed
RBAC role(s) none
Rule aliases none
Rule resource types IF (2)
Compliance Not a Compliance control
Initiatives usage none
History none
JSON compare n/a