last sync: 2024-Jul-26 18:17:39 UTC

Microsoft Managed Control 1627 - Boundary Protection | External Telecommunications Services | Regulatory Compliance - System and Communications Protection

Azure BuiltIn Policy definition

Source Azure Portal
Display name Microsoft Managed Control 1627 - Boundary Protection | External Telecommunications Services
Id fd73310d-76fc-422d-bda4-3a077149f179
Version 1.0.0
Category Regulatory Compliance
Description Microsoft implements this System and Communications Protection control
Additional metadata Name/Id: ACF1627 / Microsoft Managed Control 1627
Category: System and Communications Protection
Title: Boundary Protection | External Telecommunications Services
Ownership: Microsoft
Description: The organization: Establishes a traffic flow policy for each managed interface;
Requirements: The Azure Networking team establishes routing policies and ACLs at the edge to only allow the export of 8075 public blocks to Azure's Border Gateway Protocol (BGP) peers. Edge Access Control Lists (ACLs) are applied inbound from all peering interfaces. The policy explicitly filters non-edge protocols such as SQL, RPC, 445, and 135-139 from entering the network from untrusted sources. Service teams running on top of the fabric customize the routing policies and ACLs necessary for their service. For instance, the Azure Portal needs to be externally accessible, but the JIT Portal does not.
Mode Indexed
Type Static
Preview False
Deprecated False
Effect Fixed: audit
RBAC role(s) none
Rule aliases none
Rule resource types IF (2)
Microsoft.Resources/subscriptions
Microsoft.Resources/subscriptions/resourceGroups
Compliance Not a Compliance control
Initiatives usage none
History none
JSON compare n/a