| Source | Azure Portal | ||||||||||||||||||||||
| Display name | Microsoft Managed Control 1374 - Incident Response Assistance | ||||||||||||||||||||||
| Id | cc5c8616-52ef-4e5e-8000-491634ed9249 | ||||||||||||||||||||||
| Version | 1.0.0 Details on versioning |
||||||||||||||||||||||
| Category | Regulatory Compliance Microsoft Learn |
||||||||||||||||||||||
| Description | Microsoft implements this Incident Response control | ||||||||||||||||||||||
| Additional metadata |
Name/Id: ACF1374 / Microsoft Managed Control 1374 Category: Incident Response Title: Incident Response Assistance Ownership: Customer, Microsoft Description: The organization provides an incident response support resource, integral to the organizational incident response capability that offers advice and assistance to users of the information system for the handling and reporting of security incidents. Requirements: For all asset types, Azure implements both internal and external sites which offer advice and assistance to Azure personnel and customers for handling and reporting of security incidents. Azure sites are supported on SharePoint and internal access is granted to appropriate personnel. Internal Azure policies and procedures are distributed and published to a central SharePoint repository and are accessible to all Azure personnel. The Azure Security Response Team provides regular updates around event triage and incident management which are available to all applicable Azure incident management personnel. Azure use the services of the Cyber Defense Operations Center (CDOC) to manage incident questions and reporting by Microsoft personnel. Microsoft personnel can report incidents using the email alias “cdoc@microsoft.com” or via Incident Management (IcM) which is then routed to the appropriate Azure team. Internal web pages offer advice and assistance to service teams for the handling and reporting of security incidents. These web pages provide the following information to Azure personnel: * What are security incidents * How to identify such incidents * How to escalate the security incidents * List of sample security incidents * Who to contact in the event of a security incident The Azure Security Response Team also posts a phone number and email alias on their internal website. This contact information is provided for service team personnel to use when required to file a security incident. Additionally, security contact information is available as part of IcM. Depending on the nature of the incident, Azure may engage subject matter experts (SMEs) from other organizations within Microsoft to facilitate investigative needs. External The Azure Trust Center describes how to submit a security incident in Azure. The Microsoft Developer Network (MSDN) webpage also provides support to customers and links them to a wide variety of web pages which provide guidance around information security incidents related to their cloud environment and customer support, if needed. Customers can report security events at any time through the customer support website handled by Customer Support Services (CSS). CSS routes it to appropriate service team. In addition, possible security incidents and abuse can be reported on |
||||||||||||||||||||||
| Mode | Indexed | ||||||||||||||||||||||
| Type | Static | ||||||||||||||||||||||
| Preview | False | ||||||||||||||||||||||
| Deprecated | False | ||||||||||||||||||||||
| Effect | Fixed audit |
||||||||||||||||||||||
| RBAC role(s) | none | ||||||||||||||||||||||
| Rule aliases | none | ||||||||||||||||||||||
| Rule resource types | IF (2) Microsoft.Resources/subscriptions Microsoft.Resources/subscriptions/resourceGroups |
||||||||||||||||||||||
| Compliance |
The following 1 compliance controls are associated with this Policy definition 'Microsoft Managed Control 1374 - Incident Response Assistance' (cc5c8616-52ef-4e5e-8000-491634ed9249)
| ||||||||||||||||||||||
| Initiatives usage |
|
||||||||||||||||||||||
| History | none | ||||||||||||||||||||||
| JSON compare | n/a | ||||||||||||||||||||||
| JSON |
|