last sync: 2024-May-24 18:03:04 UTC

Audit Windows machines that have extra accounts in the Administrators group

Azure BuiltIn Policy definition

Source Azure Portal
Display name Audit Windows machines that have extra accounts in the Administrators group
Id 3d2a3320-2a72-4c67-ac5f-caa40fbee2b2
Version 2.0.0
Details on versioning
Category Guest Configuration
Microsoft Learn
Description Requires that prerequisites are deployed to the policy assignment scope. For details, visit https://aka.ms/gcpol. Machines are non-compliant if the local Administrators group contains members that are not listed in the policy parameter.
Mode Indexed
Type BuiltIn
Preview False
Deprecated False
Effect Fixed
auditIfNotExists
RBAC role(s) none
Rule aliases IF (7)
Alias Namespace ResourceType DefaultPath Modifiable
Microsoft.Compute/imageOffer Microsoft.Compute
Microsoft.Compute
Microsoft.Compute
virtualMachines
virtualMachineScaleSets
disks
properties.storageProfile.imageReference.offer
properties.virtualMachineProfile.storageProfile.imageReference.offer
properties.creationData.imageReference.id
false
false
false
Microsoft.Compute/imagePublisher Microsoft.Compute
Microsoft.Compute
Microsoft.Compute
virtualMachines
virtualMachineScaleSets
disks
properties.storageProfile.imageReference.publisher
properties.virtualMachineProfile.storageProfile.imageReference.publisher
properties.creationData.imageReference.id
false
false
false
Microsoft.Compute/imageSKU Microsoft.Compute
Microsoft.Compute
Microsoft.Compute
virtualMachines
virtualMachineScaleSets
disks
properties.storageProfile.imageReference.sku
properties.virtualMachineProfile.storageProfile.imageReference.sku
properties.creationData.imageReference.id
false
false
false
Microsoft.Compute/virtualMachines/osProfile.windowsConfiguration Microsoft.Compute virtualMachines properties.osProfile.windowsConfiguration true
Microsoft.Compute/virtualMachines/storageProfile.osDisk.osType Microsoft.Compute virtualMachines properties.storageProfile.osDisk.osType true
Microsoft.ConnectedVMwarevSphere/virtualMachines/osProfile.osType Microsoft.ConnectedVMwarevSphere virtualmachines properties.osProfile.osType false
Microsoft.HybridCompute/imageOffer Microsoft.HybridCompute machines properties.osName false
THEN-ExistenceCondition (2)
Alias Namespace ResourceType DefaultPath Modifiable
Microsoft.GuestConfiguration/guestConfigurationAssignments/complianceStatus Microsoft.GuestConfiguration guestConfigurationAssignments properties.complianceStatus false
Microsoft.GuestConfiguration/guestConfigurationAssignments/parameterHash Microsoft.GuestConfiguration guestConfigurationAssignments properties.parameterHash false
Rule resource types IF (3)
Microsoft.Compute/virtualMachines
Microsoft.ConnectedVMwarevSphere/virtualMachines
Microsoft.HybridCompute/machines
Compliance
The following 3 compliance controls are associated with this Policy definition 'Audit Windows machines that have extra accounts in the Administrators group' (3d2a3320-2a72-4c67-ac5f-caa40fbee2b2)
Control Domain Control Name MetadataId Category Title Owner Requirements Description Info Policy#
Azure_Security_Benchmark_v1.0 3.3 Azure_Security_Benchmark_v1.0_3.3 Azure Security Benchmark 3.3 Identity and Access Control Use dedicated administrative accounts Customer Create standard operating procedures around the use of dedicated administrative accounts. Use Azure Security Center Identity and Access Management to monitor the number of administrative accounts. You can also enable a Just-In-Time / Just-Enough-Access by using Microsoft Entra Privileged Identity Management Privileged Roles for Microsoft Services, and Azure Resource Manager. Learn more: https://docs.microsoft.com/azure/active-directory/privileged-identity-management/ n/a link 5
hipaa 1123.01q1System.2-01.q hipaa-1123.01q1System.2-01.q 1123.01q1System.2-01.q 11 Access Control 1123.01q1System.2-01.q 01.05 Operating System Access Control Shared n/a Users who perform privileged functions (e.g., system administration) use separate accounts when performing those privileged functions. 6
NZISM_Security_Benchmark_v1.1 AC-11 NZISM_Security_Benchmark_v1.1_AC-11 NZISM Security Benchmark AC-11 Access Control and Passwords 16.4.30 Privileged Access Management Customer Agencies MUST establish a Privileged Access Management (PAM) policy. Within the context of agency operations, the agency’s PAM policy MUST define: a privileged account; and privileged access. Agencies MUST manage Privileged Accounts in accordance with the Agency’s PAM Policy. A fundamental part of any security policy is the inclusion of requirements for the treatment of Privileged Accounts. This is most conveniently contained in a Privileged Access Management (PAM) section within the agency’s security policy. A PAM policy is a fundamental component of an agency’s IT Governance. link 9
Initiatives usage
Initiative DisplayName Initiative Id Initiative Category State Type
[Deprecated]: Azure Security Benchmark v1 42a694ed-f65e-42b2-aa9e-8052e9740a92 Regulatory Compliance Deprecated BuiltIn
[Deprecated]: New Zealand ISM Restricted d1a462af-7e6d-4901-98ac-61570b4ed22a Regulatory Compliance Deprecated BuiltIn
HITRUST/HIPAA a169a624-5599-4385-a696-c8d643089fab Regulatory Compliance GA BuiltIn
History
Date/Time (UTC ymd) (i) Change type Change detail
2022-01-28 17:51:01 change Major (1.0.0 > 2.0.0)
2020-09-09 11:24:03 add 3d2a3320-2a72-4c67-ac5f-caa40fbee2b2
JSON compare
compare mode: version left: version right:
JSON
api-version=2021-06-01
EPAC