| Source | Azure Portal | |||||||||||||||||||||||||||||||||
| Display name | Microsoft Managed Control 1715 - Software & Information Integrity | Automated Response To Integrity Violations | |||||||||||||||||||||||||||||||||
| Id | dd469ae0-71a8-4adc-aafc-de6949ca3339 | |||||||||||||||||||||||||||||||||
| Version | 1.0.1 Details on versioning |
|||||||||||||||||||||||||||||||||
| Category | Regulatory Compliance Microsoft Learn |
|||||||||||||||||||||||||||||||||
| Description | Microsoft implements this System and Information Integrity control | |||||||||||||||||||||||||||||||||
| Additional metadata |
Name/Id: ACF1715 / Microsoft Managed Control 1715 Category: System and Information Integrity Title: Software & Information Integrity | Automated Response To Integrity Violations Ownership: Customer, Microsoft Description: The information system automatically cancels deployment and notifies Service Engineer Operations personnel when integrity violations are discovered. Requirements: Azure provides alerts for integrity violations to the Security Response Team to use in case of suspected incidents. Shutting down the system would potentially cause operational issues including outages as a response to an integrity violation and expose the system to availability or denial of service risks. The Security Response Team investigates any instances of integrity violation that is suspected of being a security incident and respond according to their operating procedures. Azure software updates are thoroughly reviewed for any unauthorized changes before entering the production environments as part of the Security Development Lifecycle (SDL) and Change and Release Management processes. Any code changes must be reviewed and approved before they are deployed to the environment. Additionally, builds are digitally signed before they are deployed. If the integrity verification fails at deployment, the deployment operation fails, and the process needs to be started over. The deployment engine is configured to notify service engineer personnel upon discovery of discrepancies during integrity verification. Service engineer personnel are notified via email or the creation of DevOps tickets. Servers The Windows Server operating systems provide real-time file integrity validation, protection, and recovery of core system files that are installed as part of Windows or authorized Windows system updates. Windows Resource Protection (WRP) automatically detects and restores the original version of protected files if a program uses an unauthorized method to change those files. WRP provides protection for system files using two mechanisms. The first mechanism runs in the background. This protection is triggered after WRP receives a directory change notification for a file in a protected directory. After WRP receives this notification, WRP determines which file was changed. If the file is protected, WRP looks up the file signature in a catalog file to determine if the new file is the correct version. If the file is not the correct version, WRP replaces the new file with the file from the system protected cache folder (if it is in the cache folder) or from the installation source. In addition to WRP, on demand validation and recovery of core Windows system files are provided using the System File Checker (sfc.exe) tool. Network Devices Azure uses the Config Policy Verifier (CPV) and Config Change Reporter (CCR) tools to notify the Azure Networking team on unauthorized changes to network devices on a continuous basis. CPV and CCR automatically send alerts to Incident Management (IcM) regarding deviations of correct operations of security functions. CPV and CCR aler upon system startup and restart and continuously provides event monitoring and alerting to Azure Networking. CPV and CCR are near-real-time solutions that perform scanning on a continuous basis. |
|||||||||||||||||||||||||||||||||
| Mode | Indexed | |||||||||||||||||||||||||||||||||
| Type | Static | |||||||||||||||||||||||||||||||||
| Preview | False | |||||||||||||||||||||||||||||||||
| Deprecated | False | |||||||||||||||||||||||||||||||||
| Effect | Fixed audit |
|||||||||||||||||||||||||||||||||
| RBAC role(s) | none | |||||||||||||||||||||||||||||||||
| Rule aliases | none | |||||||||||||||||||||||||||||||||
| Rule resource types | IF (2) Microsoft.Resources/subscriptions Microsoft.Resources/subscriptions/resourceGroups |
|||||||||||||||||||||||||||||||||
| Compliance |
The following 2 compliance controls are associated with this Policy definition 'Microsoft Managed Control 1715 - Software & Information Integrity | Automated Response To Integrity Violations' (dd469ae0-71a8-4adc-aafc-de6949ca3339)
| |||||||||||||||||||||||||||||||||
| Initiatives usage |
|
|||||||||||||||||||||||||||||||||
| History |
|
|||||||||||||||||||||||||||||||||
| JSON compare |
compare mode:
version left:
version right:
|
|||||||||||||||||||||||||||||||||
| JSON |
|