last sync: 2024-Jun-13 18:14:14 UTC

Microsoft Managed Control 1014 - Account Management | Removal Of Temporary / Emergency Accounts | Regulatory Compliance - Access Control

Azure BuiltIn Policy definition

Source Azure Portal
Display name Microsoft Managed Control 1014 - Account Management | Removal Of Temporary / Emergency Accounts
Id 5dee936c-8037-4df1-ab35-6635733da48c
Version 1.0.0
Details on versioning
Category Regulatory Compliance
Microsoft Learn
Description Microsoft implements this Access Control control
Additional metadata Name/Id: ACF1014 / Microsoft Managed Control 1014
Category: Access Control
Title: Account Management | Removal Of Temporary / Emergency Accounts
Ownership: Customer, Microsoft
Description: The information system automatically doesn't use temporary and emergency accounts.
Requirements: The Microsoft Security Program Policy prohibits the use of temporary and emergency accounts. All local guest accounts are disabled on the system or platform wherever they are located. All account requests follow the standard account management process, including domain account request and approval and OneIdentity-based group management. For servers that are not domain-joined, the JIT process for granting access to a server includes creating and enabling a local account for the duration of access. Because this access is tied to a specific user’s domain account and requires that the user first authenticate using multifactor authentication, Azure does not consider this local account to be a temporary account for purposes of this control.
Mode Indexed
Type Static
Preview False
Deprecated False
Effect Fixed
audit
RBAC role(s) none
Rule aliases none
Rule resource types IF (2)
Microsoft.Resources/subscriptions
Microsoft.Resources/subscriptions/resourceGroups
Compliance Not a Compliance control
Initiatives usage none
History none
JSON compare n/a
JSON
api-version=2021-06-01
EPAC