AzPolicyAdvertizer

last sync: 2023-Dec-05 19:46:27 UTC

Azure Policy definition

Audit Windows machines that have the specified members in the Administrators group

Source

Azure Portal

Display name

Audit Windows machines that have the specified members in the Administrators group

69bf4abd-ca1e-4cf6-8b5a-762d42e61d4f

Version

2.0.0
Details on versioning

Category

Guest Configuration
Microsoft Learn

Description

Requires that prerequisites are deployed to the policy assignment scope. For details, visit https://aka.ms/gcpol. Machines are non-compliant if the local Administrators group contains one or more of the members listed in the policy parameter.

Mode

Indexed

Type

BuiltIn

Preview

False

Deprecated

False

Effect

Fixed
auditIfNotExists

RBAC role(s)

none

Rule aliases

IF (7)

Alias	Namespace	ResourceType	DefaultPath	Modifiable
Microsoft.Compute/imageOffer	Microsoft.Compute Microsoft.Compute Microsoft.Compute	virtualMachines virtualMachineScaleSets disks	properties.storageProfile.imageReference.offer properties.virtualMachineProfile.storageProfile.imageReference.offer properties.creationData.imageReference.id	false false false
Microsoft.Compute/imagePublisher	Microsoft.Compute Microsoft.Compute Microsoft.Compute	virtualMachines virtualMachineScaleSets disks	properties.storageProfile.imageReference.publisher properties.virtualMachineProfile.storageProfile.imageReference.publisher properties.creationData.imageReference.id	false false false
Microsoft.Compute/imageSKU	Microsoft.Compute Microsoft.Compute Microsoft.Compute	virtualMachines virtualMachineScaleSets disks	properties.storageProfile.imageReference.sku properties.virtualMachineProfile.storageProfile.imageReference.sku properties.creationData.imageReference.id	false false false
Microsoft.Compute/virtualMachines/osProfile.windowsConfiguration	Microsoft.Compute	virtualMachines	properties.osProfile.windowsConfiguration	true
Microsoft.Compute/virtualMachines/storageProfile.osDisk.osType	Microsoft.Compute	virtualMachines	properties.storageProfile.osDisk.osType	true
Microsoft.ConnectedVMwarevSphere/virtualMachines/osProfile.osType	Microsoft.ConnectedVMwarevSphere	virtualmachines	properties.osProfile.osType	false
Microsoft.HybridCompute/imageOffer	Microsoft.HybridCompute	machines	properties.osName	false

THEN-ExistenceCondition (2)

Alias	Namespace	ResourceType	DefaultPath	Modifiable
Microsoft.GuestConfiguration/guestConfigurationAssignments/complianceStatus	Microsoft.GuestConfiguration	guestConfigurationAssignments	properties.complianceStatus	false
Microsoft.GuestConfiguration/guestConfigurationAssignments/parameterHash	Microsoft.GuestConfiguration	guestConfigurationAssignments	properties.parameterHash	false

Rule resource types

IF (3)
Microsoft.Compute/virtualMachines
Microsoft.ConnectedVMwarevSphere/virtualMachines
Microsoft.HybridCompute/machines

Compliance

The following 16 compliance controls are associated with this Policy definition 'Audit Windows machines that have the specified members in the Administrators group' (69bf4abd-ca1e-4cf6-8b5a-762d42e61d4f)

Control Domain	Control	Name	MetadataId	Category	Title	Owner	Requirements	Description	Info	Policy#
AU_ISM	1503	AU_ISM_1503	AU ISM 1503	Guidelines for Personnel Security - Access to systems and their resources	Standard access to systems - 1503		n/a	Standard access to systems, applications and data repositories is limited to that required for personnel to undertake their duties.	link	6
AU_ISM	1507	AU_ISM_1507	AU ISM 1507	Guidelines for Personnel Security - Access to systems and their resources	Privileged access to systems - 1507		n/a	Privileged access to systems, applications and data repositories is validated when first requested and revalidated on an annual or more frequent basis.	link	4
AU_ISM	1508	AU_ISM_1508	AU ISM 1508	Guidelines for Personnel Security - Access to systems and their resources	Privileged access to systems - 1508		n/a	Privileged access to systems, applications and data repositories is limited to that required for personnel to undertake their duties.	link	7
AU_ISM	415	AU_ISM_415	AU ISM 415	Guidelines for Personnel Security - Access to systems and their resources	User identification - 415		n/a	The use of shared user accounts is strictly controlled, and personnel using such accounts are uniquely identifiable.	link	4
AU_ISM	445	AU_ISM_445	AU ISM 445	Guidelines for Personnel Security - Access to systems and their resources	Privileged access to systems - 445		n/a	Privileged users are assigned a dedicated privileged account to be used solely for tasks requiring privileged access.	link	4
Azure_Security_Benchmark_v1.0	3.3	Azure_Security_Benchmark_v1.0_3.3	Azure Security Benchmark 3.3	Identity and Access Control	Use dedicated administrative accounts	Customer	Create standard operating procedures around the use of dedicated administrative accounts. Use Azure Security Center Identity and Access Management to monitor the number of administrative accounts. You can also enable a Just-In-Time / Just-Enough-Access by using Microsoft Entra Privileged Identity Management Privileged Roles for Microsoft Services, and Azure Resource Manager. Learn more: https://docs.microsoft.com/azure/active-directory/privileged-identity-management/	n/a	link	5
CCCS	AC-5	CCCS_AC-5	CCCS AC-5	Access Control	Separation of Duties		n/a	(A) The organization: (a) Separate organization-defined duties of individuals including at least separation of operational, development, security monitoring, and management functions; (b) Documents separation of duties of individuals; and (c) Defines information system access authorizations to support separation of duties.	link	7
CCCS	AC-6	CCCS_AC-6	CCCS AC-6	Access Control	Least Privilege		n/a	(A) The organization employs the principle of least privilege, allowing only authorized accesses for users (or processes acting on behalf of users) which are necessary to accomplish assigned tasks in accordance with organizational missions and business functions.	link	7
CMMC_L3	AC.3.017	CMMC_L3_AC.3.017	CMMC L3 AC.3.017	Access Control	Separate the duties of individuals to reduce the risk of malevolent activity without collusion.	Shared	Microsoft and the customer share responsibilities for implementing this requirement.	Separation of duties addresses the potential for abuse of authorized privileges and helps to reduce the risk of malevolent activity without collusion. Separation of duties includes dividing mission functions and system support functions among different individuals or roles; conducting system support functions with different individuals (e.g., configuration management, quality assurance and testing, system management, programming, and network security); and ensuring that security personnel administering access control functions do not also administer audit functions. Because separation of duty violations can span systems and application domains, organizations consider the entirety of organizational systems and system components when developing policy on separation of duties.	link	4
CMMC_L3	SC.3.181	CMMC_L3_SC.3.181	CMMC L3 SC.3.181	System and Communications Protection	Separate user functionality from system management functionality.	Shared	Microsoft and the customer share responsibilities for implementing this requirement.	System management functionality includes functions necessary to administer databases, network components, workstations, or servers, and typically requires privileged user access. The separation of user functionality from system management functionality is physical or logical. Organizations can implement separation of system management functionality from user functionality by using different computers, different central processing units, different instances of operating systems, or different network addresses; virtualization techniques; or combinations of these or other methods, as appropriate. This type of separation includes web administrative interfaces that use separate authentication methods for users of any other system resources. Separation of system and user functionality may include isolating administrative interfaces on different domains and with additional access controls.	link	6
hipaa	11210.01q2Organizational.10-01.q	hipaa-11210.01q2Organizational.10-01.q	11210.01q2Organizational.10 - 01.q	User Identification and Authentication	Electronic signatures and handwritten signatures executed to electronic records shall be linked to their respective electronic records.	Customer	n/a	Azure does not implement identification codes and electronic signatures, per FDA CFR 21 Part 11.		1
hipaa	1125.01q2System.1-01.q	hipaa-1125.01q2System.1-01.q	1125.01q2System.1-01.q	11 Access Control	1125.01q2System.1-01.q 01.05 Operating System Access Control	Shared	n/a	Multi-factor authentication methods are used in accordance with organizational policy (e.g., for remote network access).		4
IRS_1075_9.3	.1.5	IRS_1075_9.3.1.5	IRS 1075 9.3.1.5	Access Control	Separation of Duties (AC-5)		n/a	The agency must: a. Separate duties of individuals to prevent harmful activity without collusion b. Document separation of duties of individuals c. Define information system access authorizations to support separation of duties	link	7
IRS_1075_9.3	.1.6	IRS_1075_9.3.1.6	IRS 1075 9.3.1.6	Access Control	Least Privilege (AC-6)		n/a	The agency must: a. Employ the principle of least privilege, allowing only authorized accesses for users (or processes acting on behalf of users) that are necessary to accomplish assigned tasks in accordance with agency missions and business functions b. Explicitly authorize access to FTI (CE1) c. Require that users of information system accounts, or roles, with access to FTI, use non-privileged accounts or roles when accessing non-security functions (CE2) d. Restrict privileged accounts on the information system to a limited number of individuals with a need to perform administrative duties (CE5) The information system must: a. Audit the execution of privileged functions (CE9) b. Prevent non-privileged users from executing privileged functions; including disabling, circumventing, or altering implemented security safeguards/countermeasures (CE10)	link	7
NIST_SP_800-171_R2_3	.1.4	NIST_SP_800-171_R2_3.1.4	NIST SP 800-171 R2 3.1.4	Access Control	Separate the duties of individuals to reduce the risk of malevolent activity without collusion.	Shared	Microsoft and the customer share responsibilities for implementing this requirement.	Separation of duties addresses the potential for abuse of authorized privileges and helps to reduce the risk of malevolent activity without collusion. Separation of duties includes dividing mission functions and system support functions among different individuals or roles; conducting system support functions with different individuals (e.g., configuration management, quality assurance and testing, system management, programming, and network security); and ensuring that security personnel administering access control functions do not also administer audit functions. Because separation of duty violations can span systems and application domains, organizations consider the entirety of organizational systems and system components when developing policy on separation of duties.	link	6
NZISM_Security_Benchmark_v1.1	AC-11	NZISM_Security_Benchmark_v1.1_AC-11	NZISM Security Benchmark AC-11	Access Control and Passwords	16.4.30 Privileged Access Management	Customer	Agencies MUST establish a Privileged Access Management (PAM) policy. Within the context of agency operations, the agency’s PAM policy MUST define: a privileged account; and privileged access. Agencies MUST manage Privileged Accounts in accordance with the Agency’s PAM Policy.	A fundamental part of any security policy is the inclusion of requirements for the treatment of Privileged Accounts. This is most conveniently contained in a Privileged Access Management (PAM) section within the agency’s security policy. A PAM policy is a fundamental component of an agency’s IT Governance.	link	9

Initiatives usage

Initiative DisplayName	Initiative Id	Initiative Category	State	Type
[Deprecated]: Azure Security Benchmark v1	42a694ed-f65e-42b2-aa9e-8052e9740a92	Regulatory Compliance	Deprecated	BuiltIn
[Deprecated]: DoD Impact Level 4	8d792a84-723c-4d92-a3c3-e4ed16a2d133	Regulatory Compliance	Deprecated	BuiltIn
[Preview]: Australian Government ISM PROTECTED	27272c0b-c225-4cc3-b8b0-f2534b093077	Regulatory Compliance	Preview	BuiltIn
Canada Federal PBMM	4c4a5f27-de81-430b-b4e5-9cbd50595a87	Regulatory Compliance	GA	BuiltIn
CMMC Level 3	b5629c75-5c77-4422-87b9-2509e680f8de	Regulatory Compliance	GA	BuiltIn
HITRUST/HIPAA	a169a624-5599-4385-a696-c8d643089fab	Regulatory Compliance	GA	BuiltIn
IRS1075 September 2016	105e0327-6175-4eb2-9af4-1fba43bdb39d	Regulatory Compliance	GA	BuiltIn
New Zealand ISM Restricted	d1a462af-7e6d-4901-98ac-61570b4ed22a	Regulatory Compliance	GA	BuiltIn
NIST SP 800-171 Rev. 2	03055927-78bd-4236-86c0-f36125a10dc9	Regulatory Compliance	GA	BuiltIn

History

Date/Time (UTC ymd) (i)	Change type	Change detail
2022-01-28 17:51:01	change	Major (1.0.0 > 2.0.0)
2020-09-09 11:24:03	add	69bf4abd-ca1e-4cf6-8b5a-762d42e61d4f

JSON compare

compare mode: version left: version right:

JSON

api-version=2021-06-01
EPAC