last sync: 2024-Apr-24 17:47:19 UTC

ACAT for Microsoft 365 Certification

Azure BuiltIn Policy Initiative (PolicySet)

Source: Azure Portal
Display name: ACAT for Microsoft 365 Certification
Id: 80307b86-ab81-45ab-bf4f-4e0b93cf3dd5
Version: 1.0.0
Category: Regulatory Compliance
Description: App Compliance Automation Tool for Microsoft 365 (ACAT) simplifies the process to achieve Microsoft 365 Certification, see https://aka.ms/acat. This certification ensures that apps have strong security and compliance practices in place to protect customer data, security, and privacy. This initiative includes policies that address a subset of the Microsoft 365 Certification controls. Additional policies will be added in upcoming releases.
Type: BuiltIn
Deprecated: False
Preview: False
Policy count
Total Policies: 24
Builtin Policies: 24
Static Policies: 0
Policy used
| Policy DisplayName | Policy Id | Category | Effect | Roles# | Roles | State |
|---|---|---|---|---|---|---|
| Add system-assigned managed identity to enable Guest Configuration assignments on virtual machines with no identities | 3cf2ab00-13f1-4d0c-8971-2ac904541a7e | Guest Configuration | Fixed: modify | 1 | Contributor | GA |
| Add system-assigned managed identity to enable Guest Configuration assignments on VMs with a user-assigned identity | 497dff13-db2a-4c0f-8603-28fa3b331ab6 | Guest Configuration | Fixed: modify | 1 | Contributor | GA |
| App Service Environment should have TLS 1.0 and 1.1 disabled | d6545c6b-dd9d-4265-91e6-0b451e2f1c50 | App Service | Default: Audit; Allowed: Audit, Deny, Disabled | 0 | | GA |
| Azure Firewall Premium should configure a valid intermediate certificate to enable TLS inspection | 711c24bb-7f18-4578-b192-81a6161e1f17 | Network | Default: Audit; Allowed: Audit, Deny, Disabled | 0 | | GA |
| Azure SQL Database should be running TLS version 1.2 or newer | 32e6bbec-16b6-44c2-be37-c5b672d103cf | SQL | Default: Audit; Allowed: Audit, Disabled, Deny | 0 | | GA |
| Azure Synapse Analytics dedicated SQL pools should enable encryption | cfaf0007-99c7-4b01-b36b-4048872ac978 | Synapse | Default: AuditIfNotExists; Allowed: AuditIfNotExists, Disabled | 0 | | GA |
| Bypass list of Intrusion Detection and Prevention System (IDPS) should be empty in Firewall Policy Premium | f516dc7a-4543-4d40-aad6-98f76a706b50 | Network | Default: Audit; Allowed: Audit, Deny, Disabled | 0 | | GA |
| Deploy the Linux Guest Configuration extension to enable Guest Configuration assignments on Linux VMs | 331e8ea8-378a-410f-a2e5-ae22f38bb0da | Guest Configuration | Fixed: deployIfNotExists | 1 | Contributor | GA |
| Deploy the Windows Guest Configuration extension to enable Guest Configuration assignments on Windows VMs | 385f5831-96d4-41db-9a3c-cd3af78aaae6 | Guest Configuration | Fixed: deployIfNotExists | 1 | Contributor | GA |
| Disk encryption should be enabled on Azure Data Explorer | f4b53539-8df9-40e4-86c6-6b607703bd4e | Azure Data Explorer | Default: Audit; Allowed: Audit, Deny, Disabled | 0 | | GA |
| Firewall Policy Premium should enable all IDPS signature rules to monitor all inbound and outbound traffic flows | 610b6183-5f00-4d68-86d2-4ab4cb3a67a5 | Network | Default: Audit; Allowed: Audit, Deny, Disabled | 0 | | GA |
| Firewall Policy Premium should enable the Intrusion Detection and Prevention System (IDPS) | 6484db87-a62d-4327-9f07-80a2cbdf333a | Network | Default: Audit; Allowed: Audit, Deny, Disabled | 0 | | GA |
| Linux virtual machines should have Azure Monitor Agent installed | 1afdc4b6-581a-45fb-b630-f1e6051e3e7a | Monitoring | Default: AuditIfNotExists; Allowed: AuditIfNotExists, Disabled | 0 | | GA |
| SQL Managed Instance should have the minimal TLS version of 1.2 | a8793640-60f7-487c-b5c3-1d37215905c4 | SQL | Default: Audit; Allowed: Audit, Disabled | 0 | | GA |
| Storage accounts should have the specified minimum TLS version | fe83a0eb-a853-422d-aac2-1bffd182c5d0 | Storage | Default: Audit; Allowed: Audit, Deny, Disabled | 0 | | GA |
| Subscription should configure the Azure Firewall Premium to provide additional layer of protection | f2c2d0a6-e183-4fc8-bd8f-363c65d3bbbf | Network | Default: AuditIfNotExists; Allowed: AuditIfNotExists, Disabled | 0 | | GA |
| Vulnerability assessment should be enabled on your Synapse workspaces | 0049a6b3-a662-4f3e-8635-39cf44ace45a | Synapse | Default: AuditIfNotExists; Allowed: AuditIfNotExists, Disabled | 0 | | GA |
| Web Application Firewall (WAF) should enable all firewall rules for Application Gateway | 632d3993-e2c0-44ea-a7db-2eca131f356d | Network | Default: Audit; Allowed: Audit, Deny, Disabled | 0 | | GA |
| Web Application Firewall (WAF) should use the specified mode for Application Gateway | 12430be1-6cc8-4527-a9a8-e3d38f250096 | Network | Default: Audit; Allowed: Audit, Deny, Disabled | 0 | | GA |
| Windows machines should configure Windows Defender to update protection signatures within one day | d96163de-dbe0-45ac-b803-0e9ca0f5764e | Guest Configuration | Default: AuditIfNotExists; Allowed: AuditIfNotExists, Disabled | 0 | | GA |
| Windows machines should enable Windows Defender Real-time protection | b3248a42-b1c1-41a4-87bc-8bad3d845589 | Guest Configuration | Default: AuditIfNotExists; Allowed: AuditIfNotExists, Disabled | 0 | | GA |
| Windows machines should schedule Windows Defender to perform a scheduled scan every day | 3810e389-1d92-4f77-9267-33bdcf0bd225 | Guest Configuration | Default: AuditIfNotExists; Allowed: AuditIfNotExists, Disabled | 0 | | GA |
| Windows machines should use the default NTP server | 2454bbee-dc19-442f-83fc-7f3114cafd91 | Guest Configuration | Default: AuditIfNotExists; Allowed: AuditIfNotExists, Disabled | 0 | | GA |
| Windows virtual machines should have Azure Monitor Agent installed | c02729e5-e5e7-4458-97fa-2b5ad0661f28 | Monitoring | Default: AuditIfNotExists; Allowed: AuditIfNotExists, Disabled | 0 | | GA |
Roles used
Total Roles usage: 4
Total Roles unique usage: 1

| Role | Role Id | Policies count | Policies |
|---|---|---|---|
| Contributor | b24988ac-6180-42a0-ab88-20f7382dd24c | 4 | Add system-assigned managed identity to enable Guest Configuration assignments on virtual machines with no identities, Add system-assigned managed identity to enable Guest Configuration assignments on VMs with a user-assigned identity, Deploy the Linux Guest Configuration extension to enable Guest Configuration assignments on Linux VMs, Deploy the Windows Guest Configuration extension to enable Guest Configuration assignments on Windows VMs |
History

| Date/Time (UTC ymd) | Changes |
|---|---|
| 2023-01-19 18:07:18 | add Initiative 80307b86-ab81-45ab-bf4f-4e0b93cf3dd5 |