| Source | Azure Portal | ||
| Display name | Microsoft Managed Control 1116 - Audit Review, Analysis, And Reporting | ||
| Id | 5e47bc51-35d1-44b8-92af-e2f2d8b67635 | ||
| Version | 1.0.0 Details on versioning |
||
| Category | Regulatory Compliance Microsoft Learn |
||
| Description | Microsoft implements this Audit and Accountability control | ||
| Additional metadata |
Name/Id: ACF1116 / Microsoft Managed Control 1116 Category: Audit and Accountability Title: Audit Review, Analysis, And Reporting - Reporting Ownership: Customer, Microsoft Description: The organization: Reports findings to Microsoft Azure Live Site team, ISSO and ISSM as applicable. Requirements: Azure configures the detections and resulting alerts to be sent to the appropriate parties for resolution. Depending on the alert, this can include the service team or the Security Response Team. For example, use of an emergency access account generates an alert to the service team owning the subscription in which the emergency access was utilized. Alternatively, malicious PowerShell scripts are routed to the Security Response Team. Regardless of which team the alert is routed to, all service teams, Azure personnel, and external customers can escalate an incident or report a new one. |
||
| Mode | Indexed | ||
| Type | Static | ||
| Preview | False | ||
| Deprecated | False | ||
| Effect | Fixed audit |
||
| RBAC role(s) | none | ||
| Rule aliases | none | ||
| Rule resource types | IF (2) Microsoft.Resources/subscriptions Microsoft.Resources/subscriptions/resourceGroups |
||
| Compliance | Not a Compliance control | ||
| Initiatives usage | none | ||
| History | none | ||
| JSON compare | n/a | ||
| JSON |
|