last sync: 2024-Jun-14 18:20:16 UTC

Microsoft Managed Control 1010 - Account Management | Regulatory Compliance - Access Control

Azure BuiltIn Policy definition

Source Azure Portal
Display name Microsoft Managed Control 1010 - Account Management
Id 784663a8-1eb0-418a-a98c-24d19bc1bb62
Version 1.0.0
Details on versioning
Category Regulatory Compliance
Microsoft Learn
Description Microsoft implements this Access Control control
Additional metadata Name/Id: ACF1010 / Microsoft Managed Control 1010
Category: Access Control
Title: Account Management - Authorizations
Ownership: Customer, Microsoft
Description: The organization: Authorizes access to the information system based on: A valid access authorization; Intended system usage; and Other attributes as required by the organization or associated missions/business functions;
Requirements: OneIdentity enables role-based access to Azure’s production network and supporting infrastructure in a secure manner that complies with least privilege policies and guidelines set by Microsoft. Access requests and modifications to Azure security groups and thus privileges in the Azure environment are approved based upon meeting criteria that determine the appropriateness of the requested role and is completed by an account approver based on rules defined in OneIdentity. Information system usage or need-to-know/need-to-share changes are managed by the owner of the service. The service owner and account approvers can request changes to the access of accounts on their service for AD accounts through OneIdentity.
Mode Indexed
Type Static
Preview False
Deprecated False
Effect Fixed
audit
RBAC role(s) none
Rule aliases none
Rule resource types IF (2)
Microsoft.Resources/subscriptions
Microsoft.Resources/subscriptions/resourceGroups
Compliance Not a Compliance control
Initiatives usage none
History none
JSON compare n/a
JSON
api-version=2021-06-01
EPAC