last sync: 2023-Sep-29 17:58:48 UTC

Azure Policy definition

Microsoft Managed Control 1310 - Device Identification And Authentication | Regulatory Compliance - Identification and Authentication

Source Azure Portal
Display name Microsoft Managed Control 1310 - Device Identification And Authentication
Id 450d7ede-823d-4931-a99d-57f6a38807dc
Version 1.0.0
details on versioning
Category Regulatory Compliance
Microsoft docs
Description Microsoft implements this Identification and Authentication control
Additional metadata Name/Id: ACF1310 / Microsoft Managed Control 1310
Category: Identification and Authentication
Title: Device Identification And Authentication
Ownership: Customer, Microsoft
Description: The information system uniquely identifies and authenticates all devices within the Microsoft Azure accreditation boundary before establishing a network connection.
Requirements: Azure identifies and authenticates network devices and servers, both physical and virtual. Servers All Azure physical server name resolution is performed through DNS addresses. Subnets used for the physical server environment use IP addresses provisioned from RFC 1918 non-publicly routable address space. Physical servers are identified and tracked using Datacenter Manager (DCM). When establishing an Azure subscription, a subscription ID is created. The Fabric Controller (FC), which manages all VMs in Azure, uses this subscription ID to tie VMs to specific subscriptions. Devices on the Azure environment authenticate with unique identifiers in the form of static MAC addresses and certificates. A physical asset or VM obtains an IP address over the network when it initially boots-up. The Fabric DHCP Server is responsible for assigning IP addresses to physical assets and VMs as determined by the Fabric Controller. This allows the Fabric Controller to take control of managing the IP address pools for the set of physical assets. IPFilter on the operating system (RDOS) is programmed via the Fabric to only allow traffic from specific MAC addresses and specific DIPs, to counter ARP spoofing. Network Devices As part of the network discovery and configuration steps in the bootstrap workflow, network devices are pre-configured to use DHCP/PXE boot for their configuration. Upon boot of the network device, the bootstrap agent provides the OS image for the device and the basic configuration, including the IP address and credentials, before establishing the connection to the environment.
Mode Indexed
Type Static
Preview False
Deprecated False
Effect Fixed
RBAC role(s) none
Rule aliases none
Rule resource types IF (2)
Compliance Not a Compliance control
Initiatives usage none
History none
JSON compare n/a