last sync: 2024-Oct-04 17:51:30 UTC

Microsoft Managed Control 1026 - Account Management | Disable Accounts For High-Risk Individuals | Regulatory Compliance - Access Control

Azure BuiltIn Policy definition

Source Azure Portal
Display name Microsoft Managed Control 1026 - Account Management | Disable Accounts For High-Risk Individuals
Id 55419419-c597-4cd4-b51e-009fd2266783
Version 1.0.0
Details on versioning
Versioning Versions supported for Versioning: 0
Built-in Versioning [Preview]
Category Regulatory Compliance
Microsoft Learn
Description Microsoft implements this Access Control control
Additional metadata Name/Id: ACF1026 / Microsoft Managed Control 1026
Category: Access Control
Title: Account Management | Disable Accounts For High-Risk Individuals
Ownership: Customer, Microsoft
Description: The organization disables accounts of users posing a significant risk within one (1) hour of discovery of the risk.
Requirements: Active monitoring tools include the Geneva Monitoring Agent (MA), System Center Operations Manager (SCOM), and Kusto. Audit records for each Azure service are captured by the MA and retained in Azure Storage. The MA aggregates monitoring information for review. SCOM provides file integrity validation and protection, as well as the recovery of core system files if any unauthorized changes are detected. Kusto consolidates all available logs. These tools are configured to provide near-real-time alerts to service team or Security Response Team personnel in situations that require immediate action. Microsoft documents the indications of compromise or potential compromise in the Incident Management SOP. Azure follows normal incident reporting procedures if atypical usage is detected. Per the new hire orientation process, users that are discovered to pose a significant risk to Microsoft are terminated and their access is revoked from Microsoft networks, including Azure. For involuntary terminations, an urgent request for access termination is submitted via email from HR and access is disabled within four (4) hours.
Mode Indexed
Type Static
Preview False
Deprecated False
Effect Fixed
audit
RBAC role(s) none
Rule aliases none
Rule resource types IF (2)
Microsoft.Resources/subscriptions
Microsoft.Resources/subscriptions/resourceGroups
Compliance
The following 1 compliance controls are associated with this Policy definition 'Microsoft Managed Control 1026 - Account Management | Disable Accounts For High-Risk Individuals' (55419419-c597-4cd4-b51e-009fd2266783)
Control Domain Control Name MetadataId Category Title Owner Requirements Description Info Policy#
op.pl.1 Risk analysis op.pl.1 Risk analysis 404 not found n/a n/a 70
Initiatives usage
Initiative DisplayName Initiative Id Initiative Category State Type
Spain ENS 175daf90-21e1-4fec-b745-7b4c909aa94c Regulatory Compliance GA BuiltIn
History none
JSON compare n/a
JSON
api-version=2021-06-01
EPAC