AzPolicyAdvertizer

last sync: 2023-Dec-06 18:52:29 UTC

Azure Policy definition

Audit Windows machines that have extra accounts in the Administrators group

Source

Azure Portal

Display name

Audit Windows machines that have extra accounts in the Administrators group

3d2a3320-2a72-4c67-ac5f-caa40fbee2b2

Version

2.0.0
Details on versioning

Category

Guest Configuration
Microsoft Learn

Description

Requires that prerequisites are deployed to the policy assignment scope. For details, visit https://aka.ms/gcpol. Machines are non-compliant if the local Administrators group contains members that are not listed in the policy parameter.

Mode

Indexed

Type

BuiltIn

Preview

False

Deprecated

False

Effect

Fixed
auditIfNotExists

RBAC role(s)

none

Rule aliases

IF (7)

Alias	Namespace	ResourceType	DefaultPath	Modifiable
Microsoft.Compute/imageOffer	Microsoft.Compute Microsoft.Compute Microsoft.Compute	virtualMachines virtualMachineScaleSets disks	properties.storageProfile.imageReference.offer properties.virtualMachineProfile.storageProfile.imageReference.offer properties.creationData.imageReference.id	false false false
Microsoft.Compute/imagePublisher	Microsoft.Compute Microsoft.Compute Microsoft.Compute	virtualMachines virtualMachineScaleSets disks	properties.storageProfile.imageReference.publisher properties.virtualMachineProfile.storageProfile.imageReference.publisher properties.creationData.imageReference.id	false false false
Microsoft.Compute/imageSKU	Microsoft.Compute Microsoft.Compute Microsoft.Compute	virtualMachines virtualMachineScaleSets disks	properties.storageProfile.imageReference.sku properties.virtualMachineProfile.storageProfile.imageReference.sku properties.creationData.imageReference.id	false false false
Microsoft.Compute/virtualMachines/osProfile.windowsConfiguration	Microsoft.Compute	virtualMachines	properties.osProfile.windowsConfiguration	true
Microsoft.Compute/virtualMachines/storageProfile.osDisk.osType	Microsoft.Compute	virtualMachines	properties.storageProfile.osDisk.osType	true
Microsoft.ConnectedVMwarevSphere/virtualMachines/osProfile.osType	Microsoft.ConnectedVMwarevSphere	virtualmachines	properties.osProfile.osType	false
Microsoft.HybridCompute/imageOffer	Microsoft.HybridCompute	machines	properties.osName	false

THEN-ExistenceCondition (2)

Alias	Namespace	ResourceType	DefaultPath	Modifiable
Microsoft.GuestConfiguration/guestConfigurationAssignments/complianceStatus	Microsoft.GuestConfiguration	guestConfigurationAssignments	properties.complianceStatus	false
Microsoft.GuestConfiguration/guestConfigurationAssignments/parameterHash	Microsoft.GuestConfiguration	guestConfigurationAssignments	properties.parameterHash	false

Rule resource types

IF (3)
Microsoft.Compute/virtualMachines
Microsoft.ConnectedVMwarevSphere/virtualMachines
Microsoft.HybridCompute/machines

Compliance

The following 3 compliance controls are associated with this Policy definition 'Audit Windows machines that have extra accounts in the Administrators group' (3d2a3320-2a72-4c67-ac5f-caa40fbee2b2)

Control Domain	Control	Name	MetadataId	Category	Title	Owner	Requirements	Description	Info	Policy#
Azure_Security_Benchmark_v1.0	3.3	Azure_Security_Benchmark_v1.0_3.3	Azure Security Benchmark 3.3	Identity and Access Control	Use dedicated administrative accounts	Customer	Create standard operating procedures around the use of dedicated administrative accounts. Use Azure Security Center Identity and Access Management to monitor the number of administrative accounts. You can also enable a Just-In-Time / Just-Enough-Access by using Microsoft Entra Privileged Identity Management Privileged Roles for Microsoft Services, and Azure Resource Manager. Learn more: https://docs.microsoft.com/azure/active-directory/privileged-identity-management/	n/a	link	5
hipaa	1123.01q1System.2-01.q	hipaa-1123.01q1System.2-01.q	1123.01q1System.2-01.q	11 Access Control	1123.01q1System.2-01.q 01.05 Operating System Access Control	Shared	n/a	Users who perform privileged functions (e.g., system administration) use separate accounts when performing those privileged functions.		6
NZISM_Security_Benchmark_v1.1	AC-11	NZISM_Security_Benchmark_v1.1_AC-11	NZISM Security Benchmark AC-11	Access Control and Passwords	16.4.30 Privileged Access Management	Customer	Agencies MUST establish a Privileged Access Management (PAM) policy. Within the context of agency operations, the agency’s PAM policy MUST define: a privileged account; and privileged access. Agencies MUST manage Privileged Accounts in accordance with the Agency’s PAM Policy.	A fundamental part of any security policy is the inclusion of requirements for the treatment of Privileged Accounts. This is most conveniently contained in a Privileged Access Management (PAM) section within the agency’s security policy. A PAM policy is a fundamental component of an agency’s IT Governance.	link	9

Initiatives usage

Initiative DisplayName	Initiative Id	Initiative Category	State	Type
[Deprecated]: Azure Security Benchmark v1	42a694ed-f65e-42b2-aa9e-8052e9740a92	Regulatory Compliance	Deprecated	BuiltIn
HITRUST/HIPAA	a169a624-5599-4385-a696-c8d643089fab	Regulatory Compliance	GA	BuiltIn
New Zealand ISM Restricted	d1a462af-7e6d-4901-98ac-61570b4ed22a	Regulatory Compliance	GA	BuiltIn

History

Date/Time (UTC ymd) (i)	Change type	Change detail
2022-01-28 17:51:01	change	Major (1.0.0 > 2.0.0)
2020-09-09 11:24:03	add	3d2a3320-2a72-4c67-ac5f-caa40fbee2b2

JSON compare

compare mode: version left: version right:

JSON

api-version=2021-06-01
EPAC