last sync: 2024-Mar-01 17:50:27 UTC

Microsoft Managed Control 1701 - Information System Monitoring | Host-Based Devices | Regulatory Compliance - System and Information Integrity

Azure BuiltIn Policy definition

Source Azure Portal
Display name Microsoft Managed Control 1701 - Information System Monitoring | Host-Based Devices
Id f25bc08f-27cb-43b6-9a23-014d00700426
Version 1.0.0
Details on versioning
Category Regulatory Compliance
Microsoft Learn
Description Microsoft implements this System and Information Integrity control
Additional metadata Name/Id: ACF1701 / Microsoft Managed Control 1701
Category: System and Information Integrity
Title: Information System Monitoring | Host-Based Devices
Ownership: Customer, Microsoft
Description: The organization implements Windows Event Logging at all hosts.
Requirements: All hosts within Azure have event logging enabled. If this functionality is turned off or unsuccessful, an alert is generated through Geneva Monitoring and the alert is investigated as a security incident. Assets are each configured with an Event Forwarding Tool. The Event Forwarding Tool sends audit records to the Security Incident and Event Management Tool via an event collection infrastructure which also archives security events within the environment. This event forwarding occurs in real time for the interconnected system. Additionally, anti-virus software is configured to scan, real-time, files incoming to the system and quarantines them if determined to be malicious. Alerts from clients are logged in the anti-virus software database and the alerts for malware-related events are sent in near-real time to the Security Response Team three ways. This happens via alerts/tickets, emails to Security Response Team, and a feed to the security incident and event management tool. Azure Security Pack (AzSecPack) enables monitoring of network communication correlated with network logs and in-memory lateral movement during post exploitation for all deployment types via Process Investigation, which is available externally via Fileless Attack detections from Azure Security Center, and via the Network Risk Management (NRM) Service. AzSecPack is automatically enabled for applicable Azure assets via a centrally managed configuration. Monitoring of missing AzSecPack is implemented by Azure Security Monitoring (ASM).
Mode Indexed
Type Static
Preview False
Deprecated False
Effect Fixed
audit
RBAC role(s) none
Rule aliases none
Rule resource types IF (2)
Microsoft.Resources/subscriptions
Microsoft.Resources/subscriptions/resourceGroups
Compliance Not a Compliance control
Initiatives usage none
History none
JSON compare n/a
JSON
api-version=2021-06-01
EPAC