| Source | Azure Portal | ||
| Display name | Microsoft Managed Control 1006 - Account Management | ||
| Id | aae8d54c-4bce-4c04-b3aa-5b65b67caac8 | ||
| Version | 1.0.0 Details on versioning |
||
| Category | Regulatory Compliance Microsoft Learn |
||
| Description | Microsoft implements this Access Control control | ||
| Additional metadata |
Name/Id: ACF1006 / Microsoft Managed Control 1006 Category: Access Control Title: Account Management - Required Approval Ownership: Customer, Microsoft Description: The organization: Requires approvals by Management for requests to create information system accounts; Requirements: All account approvals in Azure, including establishing user accounts, security groups, and service accounts, go through OneIdentity. No access is possible without an approved account. When a user submits a request, the approver identified in AC-02 Part c receives an email notification. Approvers may also go directly to the tool to view a request. The approver follows these steps to approve or deny the request ticket and determine the level of user access: * The approver determines whether the business justification is sufficient. * The approver determines whether the level of user access requested is appropriate. The approver adheres to the principles of least privilege and separation of duties when approving and assigning user access rights and can reject or modify the requested permissions if they are not appropriate. In the case of access requests to multiple services, this may translate into different levels of permissions against the different services to which the user needs access. |
||
| Mode | Indexed | ||
| Type | Static | ||
| Preview | False | ||
| Deprecated | False | ||
| Effect | Fixed audit |
||
| RBAC role(s) | none | ||
| Rule aliases | none | ||
| Rule resource types | IF (2) Microsoft.Resources/subscriptions Microsoft.Resources/subscriptions/resourceGroups |
||
| Compliance | Not a Compliance control | ||
| Initiatives usage | none | ||
| History | none | ||
| JSON compare | n/a | ||
| JSON |
|