Microsoft implements this System and Information Integrity control
Name/Id: ACF1705 / Microsoft Managed Control 1705 Category: System and Information Integrity Title: Security Alerts, Advisories, And Directives - Alert Dissemination Parameters: Personnel, External Organizations Ownership: Customer, Microsoft Description: The organization: Disseminates security alerts, advisories, and directives to: C+AI Security, C+AI Security SIM, Microsoft Azure Security and Compliance, WALS, Patch Triage Team, RDOS Team, MA SQL DB teams; and Requirements: Azure disseminates alerts received from vendors and other third-party services such as IBM Internet Security Systems and US-CERT and shares this information throughout the organization. Additionally, Microsoft publishes bulletins through the Microsoft Security Response Center (MSRC) which include specific information relevant to security updates being released. The Azure Security team also addresses notifications and disseminates security alerts via email and RSS feeds received directly from external organizations other than the Services Operation Center or Microsoft Support.
The Vulnerability Management team conducts a monthly conference call with Azure stakeholders to review updates that are required in the environment, based on the data provided in the Advance Notification Service by the MSRC. Minutes from this call are recorded and saved for historical understanding of the rationale used to determine which updates were required in the past.
For network devices, hardware vendors make Azure Networking aware of security vulnerabilities on their products via e-mail. Azure Networking logs the email into the ticketing system and performs analysis to evaluate possible risks and mitigations. Azure Networking has dedicated support engineers from the major hardware vendors, including, but not limited to, Cisco, Juniper, and F5, that assist with the analysis and determination of the course of action. The issue is tracked by Azure Networking to completion.
Rule resource types
IF (2) Microsoft.Resources/subscriptions Microsoft.Resources/subscriptions/resourceGroups