| Source | Azure Portal | ||
| Display name | Microsoft Managed Control 1310 - Device Identification And Authentication | ||
| Id | 450d7ede-823d-4931-a99d-57f6a38807dc | ||
| Version | 1.0.0 Details on versioning |
||
| Category | Regulatory Compliance Microsoft Learn |
||
| Description | Microsoft implements this Identification and Authentication control | ||
| Additional metadata |
Name/Id: ACF1310 / Microsoft Managed Control 1310 Category: Identification and Authentication Title: Device Identification And Authentication Ownership: Customer, Microsoft Description: The information system uniquely identifies and authenticates all devices within the Microsoft Azure accreditation boundary before establishing a network connection. Requirements: Azure identifies and authenticates network devices and servers, both physical and virtual. Servers All Azure physical server name resolution is performed through DNS addresses. Subnets used for the physical server environment use IP addresses provisioned from RFC 1918 non-publicly routable address space. Physical servers are identified and tracked using Datacenter Manager (DCM). When establishing an Azure subscription, a subscription ID is created. The Fabric Controller (FC), which manages all VMs in Azure, uses this subscription ID to tie VMs to specific subscriptions. Devices on the Azure environment authenticate with unique identifiers in the form of static MAC addresses and certificates. A physical asset or VM obtains an IP address over the network when it initially boots-up. The Fabric DHCP Server is responsible for assigning IP addresses to physical assets and VMs as determined by the Fabric Controller. This allows the Fabric Controller to take control of managing the IP address pools for the set of physical assets. IPFilter on the operating system (RDOS) is programmed via the Fabric to only allow traffic from specific MAC addresses and specific DIPs, to counter ARP spoofing. Network Devices As part of the network discovery and configuration steps in the bootstrap workflow, network devices are pre-configured to use DHCP/PXE boot for their configuration. Upon boot of the network device, the bootstrap agent provides the OS image for the device and the basic configuration, including the IP address and credentials, before establishing the connection to the environment. |
||
| Mode | Indexed | ||
| Type | Static | ||
| Preview | False | ||
| Deprecated | False | ||
| Effect | Fixed audit |
||
| RBAC role(s) | none | ||
| Rule aliases | none | ||
| Rule resource types | IF (2) Microsoft.Resources/subscriptions Microsoft.Resources/subscriptions/resourceGroups |
||
| Compliance | Not a Compliance control | ||
| Initiatives usage | none | ||
| History | none | ||
| JSON compare | n/a | ||
| JSON |
|