| Source | Azure Portal | ||
| Display name | Microsoft Managed Control 1177 - Baseline Configuration | Reviews And Updates | ||
| Id | 63dbc7a8-e20b-4d38-b857-a7f6c0cd94bc | ||
| Version | 1.0.0 Details on versioning |
||
| Category | Regulatory Compliance Microsoft Learn |
||
| Description | Microsoft implements this Configuration Management control | ||
| Additional metadata |
Name/Id: ACF1177 / Microsoft Managed Control 1177 Category: Configuration Management Title: Baseline Configuration | Reviews And Updates - Regular Frequency Ownership: Customer, Microsoft Description: The organization reviews and updates the baseline configuration of the information system: Annually; Requirements: Servers The Logging and Monitoring team thoroughly reviews and updates the Azure configuration baselines based on new security configurations or changes to existing security configurations of the OS and components at least annually or when a significant change occurs. Additionally, if business priorities require an update to the operating system image as part of the twice per year semester planning the baselines team works the respective imaging team - Azure RDOS team for Azure Host, Native, and Guest images, and IPAK for Bare Metal and Pilotfish - for updates as appropriate. Any updates to images are scheduled as part of the Change and Release Management process. Network Devices For network devices, the Azure Networking team sets the configuration baselines for network devices using recommended configurations specific to each vendor, and these teams make updates at least annually based upon recommendations from the vendors as well as internal testing, requirements, and feedback. Azure Services Azure utilizes a continuous integration and continuous deployment (CI/CD) model for services, ensuring the software baseliens are updated regularly - in some cases, multiple times per day. Azure service teams maintain software baselines for each asset in the approved software baseline repository, Azure DevOps. This ensures the baselines remain under configuration control. Changes to configuration baselines go through the Security Development Lifecycle (SDL) process, which requires security signoffs prior to production deployment, among other security. |
||
| Mode | Indexed | ||
| Type | Static | ||
| Preview | False | ||
| Deprecated | False | ||
| Effect | Fixed audit |
||
| RBAC role(s) | none | ||
| Rule aliases | none | ||
| Rule resource types | IF (2) Microsoft.Resources/subscriptions Microsoft.Resources/subscriptions/resourceGroups |
||
| Compliance | Not a Compliance control | ||
| Initiatives usage | none | ||
| History | none | ||
| JSON compare | n/a | ||
| JSON |
|