last sync: 2024-Jun-14 18:20:16 UTC

Microsoft Managed Control 1206 - Access Restrictions For Change | Limit Production / Operational Privileges | Regulatory Compliance - Configuration Management

Azure BuiltIn Policy definition

Source Azure Portal
Display name Microsoft Managed Control 1206 - Access Restrictions For Change | Limit Production / Operational Privileges
Id e0de232d-02a0-4652-872d-88afb4ae5e91
Version 1.0.0
Details on versioning
Category Regulatory Compliance
Microsoft Learn
Description Microsoft implements this Configuration Management control
Additional metadata Name/Id: ACF1206 / Microsoft Managed Control 1206
Category: Configuration Management
Title: Access Restrictions For Change | Limit Production / Operational Privileges - Privilege Limitation
Ownership: Customer, Microsoft
Description: The organization: Limits privileges to change information system components and system-related information within a production or operational environment; and
Requirements: Azure personnel do not have access to any of the Azure production environments to change hardware, software, or firmware components. Developers and integrators are responsible for developing the code, generating the builds, performing integration testing, and managing deployments. Azure limits privileges to release software and configuration changes to production to authorized personnel; only the designated approvers such as leads, managers, or PMs can approve changes to production, and the service teams deploy the changes using the DevOps model. Segregation of duties is established on all critical functions within Azure’s production environment, to minimize the risk of unauthorized changes to productions systems. As such, access to make changes to the production environment is limited to authorized service team members using the DevOps model. Datacenter Services (DCS) Operations is responsible for managing physical access to the Azure environment. Physical access to the production environment is restricted to DCS personnel, who perform hardware changes.
Mode Indexed
Type Static
Preview False
Deprecated False
Effect Fixed
RBAC role(s) none
Rule aliases none
Rule resource types IF (2)
Compliance Not a Compliance control
Initiatives usage none
History none
JSON compare n/a