last sync: 2024-Jul-26 18:17:39 UTC

Microsoft Managed Control 1341 - Authenticator Management | Multiple Information System Accounts | Regulatory Compliance - Identification and Authentication

Azure BuiltIn Policy definition

Source Azure Portal
Display name Microsoft Managed Control 1341 - Authenticator Management | Multiple Information System Accounts
Id 34cb7e92-fe4c-4826-b51e-8cd203fa5d35
Version 1.0.0
Category Regulatory Compliance
Description Microsoft implements this Identification and Authentication control
Additional metadata Name/Id: ACF1341 / Microsoft Managed Control 1341
Category: Identification and Authentication
Title: Authenticator Management | Multiple Information System Accounts
Ownership: Customer, Microsoft
Description: The organization implements unique smart cards to manage the risk of compromise due to individuals having accounts on multiple information systems.
Requirements: Azure uses smart cards that differentiate between different AD domains. This ensures that personnel use different authenticators when accessing the two systems and prevents an attacker from gaining access to both systems if one set of authenticators is compromised. In addition, Azure uses single-sign-on, encryption of AAD passwords that exist in the back-end and passwords utilized where smartcards are not possible via storage in Azure Key Vault, and encryption of all traffic with HTTPS, mitigating the risk of compromise.
Mode Indexed
Type Static
Preview False
Deprecated False
Effect Fixed: audit
RBAC role(s) none
Rule aliases none
Rule resource types IF (2)
Microsoft.Resources/subscriptions
Microsoft.Resources/subscriptions/resourceGroups
Compliance Not a Compliance control
Initiatives usage none
History none
JSON compare n/a