Microsoft implements this Media Protection control
Name/Id: ACF1443 / Microsoft Managed Control 1443 Category: Media Protection Title: Media Use Ownership: Microsoft Description: The organization prohibits the use of defined information system media on all information systems using defined security safeguards. Requirements: Asset owners are required to assign their assets with an asset classification and no assets are exempt from this requirement. In the Azure datacenters and GC3s, assets refer to servers and network devices. Other digital media like USB flash/thumb drives or CDs/DVDs are managed by specific policies and procedures, including the Asset Management section of the Microsoft Security Program Policy (MSPP), governing how those devices are managed. Non-digital media is not used. The usage of digital media in Azure datacenters and GC3s is monitored twenty-four (24) hours a day, seven (7) days a week via CCTV coverage.
Rule resource types
IF (2) Microsoft.Resources/subscriptions Microsoft.Resources/subscriptions/resourceGroups