Microsoft implements this System and Services Acquisition control
Name/Id: ACF1579 / Microsoft Managed Control 1579 Category: System and Services Acquisition Title: Acquisitions Process | Use Of Approved Piv Products Ownership: Customer, Microsoft Description: The organization employs only information technology products on the FIPS 201-approved products list for Personal Identity Verification (PIV) capability implemented within organizational information systems. Requirements: Azure does not utilize Personal Identity Verification (PIV) credentials for internal personnel because PIV cards are not available to Azure.
Rule resource types
IF (2) Microsoft.Resources/subscriptions Microsoft.Resources/subscriptions/resourceGroups