AzPolicyAdvertizer

last sync: 2023-Jun-02 17:44:47 UTC

Azure Policy definition

Azure Machine Learning Computes should have local authentication methods disabled

Name Azure Machine Learning Computes should have local authentication methods disabled
Azure Portal
Id e96a9a5f-07ca-471b-9bc5-6a0f33cbd68f
Version 2.0.1
details on versioning
Category Machine Learning
Microsoft docs
Description Disabling local authentication methods improves security by ensuring that Machine Learning Computes require Azure Active Directory identities exclusively for authentication. Learn more at: https://aka.ms/azure-ml-aad-policy.
Mode All
Type BuiltIn
Preview FALSE
Deprecated FALSE
Effect Default
Audit
Allowed
Audit, Deny, Disabled
RBAC
Role(s)		 none
Rule
Aliases		 IF (1)
Alias Namespace ResourceType DefaultPath Modifiable
Microsoft.MachineLearningServices/workspaces/computes/disableLocalAuth Microsoft.MachineLearningServices workspaces/computes properties.disableLocalAuth false
Rule
ResourceTypes		 IF (1)
Microsoft.MachineLearningServices/workspaces/computes
Compliance The following 1 compliance controls are associated with this Policy definition 'Azure Machine Learning Computes should have local authentication methods disabled' (e96a9a5f-07ca-471b-9bc5-6a0f33cbd68f)
Control Domain Control Name MetadataId Category Title Owner Requirements Description Info Policy#
Azure_Security_Benchmark_v3.0 IM-1 Azure_Security_Benchmark_v3.0_IM-1 Microsoft cloud security benchmark IM-1 Identity Management Use centralized identity and authentication system Shared **Security Principle:** Use a centralized identity and authentication system to govern your organization's identities and authentications for cloud and non-cloud resources. **Azure Guidance:** Azure Active Directory (Azure AD) is Azure's identity and authentication management service. You should standardize on Azure AD to govern your organization's identity and authentication in: - Microsoft cloud resources, such as the Azure Storage, Azure Virtual Machines (Linux and Windows), Azure Key Vault, PaaS, and SaaS applications. - Your organization's resources, such as applications on Azure, third-party applications running on your corporate network resources, and third-party SaaS applications. - Your enterprise identities in Active Directory by synchronization to Azure AD to ensure a consistent and centrally managed identity strategy. Note: As soon as it is technically feasible, you should migrate on-premises Active Directory based applications to Azure AD. This could be an Azure AD Enterprise Directory, Business to Business configuration, or Business to consumer configuration. **Implementation and additional context:** Tenancy in Azure AD: https://docs.microsoft.com/azure/active-directory/develop/single-and-multi-tenant-apps How to create and configure an Azure AD instance: https://docs.microsoft.com/azure/active-directory/fundamentals/active-directory-access-create-new-tenant Define Azure AD tenants: https://azure.microsoft.com/resources/securing-azure-environments-with-azure-active-directory/ Use external identity providers for an application: https://docs.microsoft.com/azure/active-directory/b2b/identity-providers n/a link 4
History
Date/Time (UTC ymd) (i) Change type Change detail
2023-05-22 17:43:18 change Patch (2.0.0 > 2.0.1) *changes on text case sensitivity are not tracked
2022-10-28 16:42:53 change Major (1.0.0 > 2.0.0)
2021-05-11 14:06:18 add e96a9a5f-07ca-471b-9bc5-6a0f33cbd68f
Initiatives
usage
Initiative DisplayName Initiative Id Initiative Category State Type
Microsoft cloud security benchmark 1f3afdf9-d0c9-4c3d-847f-89da613e70a8 Security Center GA BuiltIn
JSON