last sync: 2025-Apr-29 17:16:02 UTC

Microsoft Managed Control 1027 - Access Enforcement | Regulatory Compliance - Access Control

Azure BuiltIn Policy definition

Source Azure Portal
Display name Microsoft Managed Control 1027 - Access Enforcement
Id a76ca9b0-3f4a-4192-9a38-b25e4f8ae48c
Version 1.0.0
Versioning Versions supported for Versioning: 0
Built-in Versioning [Preview]
Category Regulatory Compliance
Description Microsoft implements this Access Control control
Cloud environments AzureCloud = true
AzureUSGovernment = true
AzureChinaCloud = unknown
Available in AzUSGov The Policy is available in AzureUSGovernment cloud. Version: '1.0.0'
Repository: Azure-Policy a76ca9b0-3f4a-4192-9a38-b25e4f8ae48c
Additional metadata Name/Id: ACF1027 / Microsoft Managed Control 1027
Category: Access Control
Title: Access Enforcement
Ownership: Customer, Microsoft
Description: The information system enforces approved authorizations for logical access to information and system resources in accordance with applicable access control policies.
Requirements: Azure enforces approved authorizations for logical access to the Azure environment using role-based access control enforced by Active Directory. Access to Active Directory security groups is managed through OneIdentity and MyAccess. Only screened personnel can access services in the Azure environment. All accounts created in support of Azure are role-based. Service team users request access to Azure, and if approved, are placed in the appropriate security groups according to their roles for supporting their services, using the principles of least privilege. By default, accounts do not have persistent elevated permissions to the production environment. If an Azure user needs access to the production environment to perform a specific action, they request temporary Just in Time (JIT) access through the JIT portal. Approval is granted either automatically using preconfigured rules or by a different Azure user with the access approver role. Access is only provided for a finite period based on the expected duration of the work to be performed. If access is approved, the user is assigned the minimum permissions required to perform the work, and permission is automatically revoked at the end of the specified time.
Mode Indexed
Type Static
Preview False
Deprecated False
Effect Fixed
audit
RBAC role(s) none
Rule aliases none
Rule resource types IF (2)
Compliance
The following 1 compliance controls are associated with this Policy definition 'Microsoft Managed Control 1027 - Access Enforcement' (a76ca9b0-3f4a-4192-9a38-b25e4f8ae48c)
Control Domain Control Name MetadataId Category Title Owner Requirements Description Info Policy#
NIS2 AM._Asset_Management_9 NIS2_AM._Asset_Management_9 NIS2_AM._Asset_Management_9 AM. Asset Management Human resources security, access control policies and asset management n/a The cybersecurity risk-management measures should therefore also address the physical and environmental security of network and information systems by including measures to protect such systems from system failures, human error, malicious acts or natural phenomena, in line with European and international standards, such as those included in the ISO/IEC 27000 series. In that regard, essential and important entities should, as part of their cybersecurity risk-management measures, also address human resources security and have in place appropriate access control policies. Those measures should be consistent with Directive (EU) 2022/2557. 28
Initiatives usage
Initiative DisplayName | Initiative Id | Initiative Category | State | Type | polSet in AzUSGov
[Preview]: NIS2 | 32ff9e30-4725-4ca7-ba3a-904a7721ee87 | Regulatory Compliance | Preview | BuiltIn | unknown
History none
JSON compare n/a