AzPolicyAdvertizer

last sync: 2025-Apr-29 17:16:02 UTC

Microsoft Managed Control 1033 - Separation Of Duties | Regulatory Compliance - Access Control

Azure BuiltIn Policy definition

Source

Azure Portal

Display name

Microsoft Managed Control 1033 - Separation Of Duties

48540f01-fc11-411a-b160-42807c68896e

Version

1.0.0
Details on versioning

Versioning

Versions supported for Versioning: 0
Built-in Versioning [Preview]

Category

Regulatory Compliance
Microsoft Learn

Description

Microsoft implements this Access Control control

Cloud environments

AzureCloud = true
AzureUSGovernment = true
AzureChinaCloud = unknown

Available in AzUSGov

The Policy is available in AzureUSGovernment cloud. Version: '1.0.0'
Repository: Azure-Policy 48540f01-fc11-411a-b160-42807c68896e

Additional metadata

Name/Id: ACF1033 / Microsoft Managed Control 1033
Category: Access Control
Title: Separation of Duties - Role Definition
Ownership: Customer, Microsoft
Description: The organization: Defines information system access authorizations to support separation of duties.
Requirements: Azure enforces separation of duties within the environment through role-based security groups defined in AD, through JIT access, and through emergency access account alerting. Each user is a member of a certain security group or set of security groups that enforces access to the system based on the appropriate roles associated with that security group.

Mode

Indexed

Type

Static

Preview

False

Deprecated

False

Effect

Fixed
audit

RBAC role(s)

none

Rule aliases

none

Rule resource types

IF (2)

Microsoft.Resources/subscriptions
Microsoft.Resources/subscriptions/resourceGroups

Compliance

The following 1 compliance controls are associated with this Policy definition 'Microsoft Managed Control 1033 - Separation Of Duties' (48540f01-fc11-411a-b160-42807c68896e)

Control Domain	Control	Name	MetadataId	Category	Title	Owner	Requirements	Description	Info	Policy#
NIS2	AM._Asset_Management_9	NIS2_AM._Asset_Management_9	NIS2_AM._Asset_Management_9	AM. Asset Management	Human resources security, access control policies and asset management		n/a	The cybersecurity risk-management measures should therefore also address the physical and environmental security of network and information systems by including measures to protect such systems from system failures, human error, malicious acts or natural phenomena, in line with European and international standards, such as those included in the ISO/IEC 27000 series. In that regard, essential and important entities should, as part of their cybersecurity risk-management measures, also address human resources security and have in place appropriate access control policies. Those measures should be consistent with Directive (EU) 2022/2557.		28

Initiatives usage

Initiative DisplayName	Initiative Id	Initiative Category	State	Type	polSet in AzUSGov
[Preview]: NIS2	32ff9e30-4725-4ca7-ba3a-904a7721ee87	Regulatory Compliance	Preview	BuiltIn	unknown

History

none

JSON compare

n/a

JSON

api-version=2021-06-01
EPAC