last sync: 2024-May-24 18:03:04 UTC

Microsoft Managed Control 1006 - Account Management | Regulatory Compliance - Access Control

Azure BuiltIn Policy definition

Source Azure Portal
Display name Microsoft Managed Control 1006 - Account Management
Id aae8d54c-4bce-4c04-b3aa-5b65b67caac8
Version 1.0.0
Category Regulatory Compliance
Description Microsoft implements this Access Control control
Additional metadata Name/Id: ACF1006 / Microsoft Managed Control 1006
Category: Access Control
Title: Account Management - Required Approval
Ownership: Customer, Microsoft
Description: The organization: Requires approvals by Management for requests to create information system accounts;
Requirements: All account approvals in Azure, including establishing user accounts, security groups, and service accounts, go through OneIdentity. No access is possible without an approved account. When a user submits a request, the approver identified in AC-02 Part c receives an email notification. Approvers may also go directly to the tool to view a request. The approver follows these steps to approve or deny the request ticket and determine the level of user access:
* The approver determines whether the business justification is sufficient.
* The approver determines whether the level of user access requested is appropriate. The approver adheres to the principles of least privilege and separation of duties when approving and assigning user access rights and can reject or modify the requested permissions if they are not appropriate. In the case of access requests to multiple services, this may translate into different levels of permissions against the different services to which the user needs access.
Mode Indexed
Type Static
Preview False
Deprecated False
Effect Fixed
RBAC role(s) none
Rule aliases none
Rule resource types IF (2)
Compliance Not a Compliance control
Initiatives usage none
History none
JSON compare n/a