last sync: 2024-May-24 18:03:04 UTC

Microsoft Managed Control 1317 - Authenticator Management | Regulatory Compliance - Identification and Authentication

Azure BuiltIn Policy definition

Source Azure Portal
Display name Microsoft Managed Control 1317 - Authenticator Management
Id 8877f519-c166-47b7-81b7-8a8eb4ff3775
Version 1.0.0
Details on versioning
Category Regulatory Compliance
Microsoft Learn
Description Microsoft implements this Identification and Authentication control
Additional metadata Name/Id: ACF1317 / Microsoft Managed Control 1317
Category: Identification and Authentication
Title: Authenticator Management - Identity Verification
Ownership: Customer, Microsoft
Description: The organization manages information system authenticators by: Verifying, as part of the initial authenticator distribution, the identity of the individual, group, role, or device receiving the authenticator;
Requirements: For personnel supporting Azure services, user accounts within Azure domains tie to accounts of existing Microsoft personnel using their unique Microsoft CorpNet aliases. CorpNet and Azure access are provisioned and managed using separate account management tools. CorpNet account management, using MyAccess, cannot provide access to Azure – it can only provide access to AD security groups that the Azure account management tool, OneIdentity, leverages. The alias is consistent across all of a user's accounts. Azure utilizes the AME and GME domains for access to the Azure environment. These domains are specific to the environment. The identities of accounts are verified during the account request process, where initial authenticator distribution information for new Azure domain accounts are sent to the user's CorpNet e-mail address. Initial authenticator distribution is only sent to the CorpNet e-mail account associated to the provisioning request, after manager approval has been received. Azure-issued smart cards are distributed in person by the C+AI Security smart card support team after confirming the identity of the individual receiving the smart card.
Mode Indexed
Type Static
Preview False
Deprecated False
Effect Fixed
audit
RBAC role(s) none
Rule aliases none
Rule resource types IF (2)
Microsoft.Resources/subscriptions
Microsoft.Resources/subscriptions/resourceGroups
Compliance Not a Compliance control
Initiatives usage none
History none
JSON compare n/a
JSON
api-version=2021-06-01
EPAC