AzInitiativeAdvertizer

last sync: 2024-Jul-26 18:18:00 UTC

PCI DSS v4

Azure BuiltIn Policy Initiative (PolicySet)

Source Azure Portal
Display namePCI DSS v4
Idc676748e-3af9-4e22-bc28-50feed564afb
Version1.2.0
Details on versioning
CategoryRegulatory Compliance
Microsoft Learn
DescriptionThe Payment Card Industry (PCI) Data Security Standards (DSS) is a global information security standard designed to prevent fraud through increased control of credit card data. Compliance with PCI DSS is required for any organization that stores, processes, or transmits payment and cardholder data. These policies address a subset of PCI-DSS v4 controls. For more information, visit https://docs.microsoft.com/azure/governance/policy/samples/pci-dss-3-2-1
TypeBuiltIn
DeprecatedFalse
PreviewFalse
Policy count Total Policies: 276
Builtin Policies: 276
Static Policies: 0
Policy used
Policy DisplayName Policy Id Category Effect Roles# Roles State
A maximum of 3 owners should be designated for your subscription 4f11b553-d42e-4e3a-89be-32ca364cad4c Security Center Default
AuditIfNotExists
Allowed
AuditIfNotExists, Disabled		 0 GA
A vulnerability assessment solution should be enabled on your virtual machines 501541f7-f7e7-4cd6-868c-4190fdad3ac9 Security Center Default
AuditIfNotExists
Allowed
AuditIfNotExists, Disabled		 0 GA
Accounts with owner permissions on Azure resources should be MFA enabled e3e008c3-56b9-4133-8fd7-d3347377402a Security Center Default
AuditIfNotExists
Allowed
AuditIfNotExists, Disabled		 0 GA
Accounts with write permissions on Azure resources should be MFA enabled 931e118d-50a1-4457-a5e4-78550e086c52 Security Center Default
AuditIfNotExists
Allowed
AuditIfNotExists, Disabled		 0 GA
Add system-assigned managed identity to enable Guest Configuration assignments on virtual machines with no identities 3cf2ab00-13f1-4d0c-8971-2ac904541a7e Guest Configuration Fixed
modify		 1 Contributor GA
Add system-assigned managed identity to enable Guest Configuration assignments on VMs with a user-assigned identity 497dff13-db2a-4c0f-8603-28fa3b331ab6 Guest Configuration Fixed
modify		 1 Contributor GA
Adhere to retention periods defined 1ecb79d7-1a06-9a3b-3be8-f434d04d1ec1 Regulatory Compliance Default
Manual
Allowed
Manual, Disabled		 0 GA
Adopt biometric authentication mechanisms 7d7a8356-5c34-9a95-3118-1424cfaf192a Regulatory Compliance Default
Manual
Allowed
Manual, Disabled		 0 GA
Alert personnel of information spillage 9622aaa9-5c49-40e2-5bf8-660b7cd23deb Regulatory Compliance Default
Manual
Allowed
Manual, Disabled		 0 GA
All network ports should be restricted on network security groups associated to your virtual machine 9daedab3-fb2d-461e-b861-71790eead4f6 Security Center Default
AuditIfNotExists
Allowed
AuditIfNotExists, Disabled		 0 GA
An Azure Active Directory administrator should be provisioned for SQL servers 1f314764-cb73-4fc9-b863-8eca98ac36e9 SQL Default
AuditIfNotExists
Allowed
AuditIfNotExists, Disabled		 0 GA
App Service apps should only be accessible over HTTPS a4af4a39-4135-47fb-b175-47fbdf85311d App Service Default
Audit
Allowed
Audit, Disabled, Deny		 0 GA
Appoint a senior information security officer c6cf9f2c-5fd8-3f16-a1f1-f0b69c904928 Regulatory Compliance Default
Manual
Allowed
Manual, Disabled		 0 GA
Assess information security events 37b0045b-3887-367b-8b4d-b9a6fa911bb9 Regulatory Compliance Default
Manual
Allowed
Manual, Disabled		 0 GA
Assess risk in third party relationships 0d04cb93-a0f1-2f4b-4b1b-a72a1b510d08 Regulatory Compliance Default
Manual
Allowed
Manual, Disabled		 0 GA
Assess Security Controls c423e64d-995c-9f67-0403-b540f65ba42a Regulatory Compliance Default
Manual
Allowed
Manual, Disabled		 0 GA
Assign system identifiers f29b17a4-0df2-8a50-058a-8570f9979d28 Regulatory Compliance Default
Manual
Allowed
Manual, Disabled		 0 GA
Audit diagnostic setting for selected resource types 7f89b1eb-583c-429a-8828-af049802c1d9 Monitoring Fixed
AuditIfNotExists		 0 GA
Audit privileged functions f26af0b1-65b6-689a-a03f-352ad2d00f98 Regulatory Compliance Default
Manual
Allowed
Manual, Disabled		 0 GA
Audit usage of custom RBAC roles a451c1ef-c6ca-483d-87ed-f49761e3ffb5 General Default
Audit
Allowed
Audit, Disabled		 0 GA
Audit user account status 49c23d9b-02b0-0e42-4f94-e8cef1b8381b Regulatory Compliance Default
Manual
Allowed
Manual, Disabled		 0 GA
Audit Windows machines that allow re-use of the passwords after the specified number of unique passwords 5b054a0d-39e2-4d53-bea3-9734cad2c69b Guest Configuration Default
AuditIfNotExists
Allowed
AuditIfNotExists, Disabled		 0 GA
Audit Windows machines that do not have the maximum password age set to specified number of days 4ceb8dc2-559c-478b-a15b-733fbf1e3738 Guest Configuration Default
AuditIfNotExists
Allowed
AuditIfNotExists, Disabled		 0 GA
Audit Windows machines that do not restrict the minimum password length to specified number of characters a2d0e922-65d0-40c4-8f87-ea6da2d307a2 Guest Configuration Default
AuditIfNotExists
Allowed
AuditIfNotExists, Disabled		 0 GA
Auditing on SQL server should be enabled a6fb4358-5bf4-4ad7-ba82-2cd2f41ce5e9 SQL Default
AuditIfNotExists
Allowed
AuditIfNotExists, Disabled		 0 GA
Authenticate to cryptographic module 6f1de470-79f3-1572-866e-db0771352fc8 Regulatory Compliance Default
Manual
Allowed
Manual, Disabled		 0 GA
Authorize access to security functions and information aeed863a-0f56-429f-945d-8bb66bd06841 Regulatory Compliance Default
Manual
Allowed
Manual, Disabled		 0 GA
Authorize and manage access 50e9324a-7410-0539-0662-2c1e775538b7 Regulatory Compliance Default
Manual
Allowed
Manual, Disabled		 0 GA
Authorize remote access dad8a2e9-6f27-4fc2-8933-7e99fe700c9c Regulatory Compliance Default
Manual
Allowed
Manual, Disabled		 0 GA
Automate account management 2cc9c165-46bd-9762-5739-d2aae5ba90a1 Regulatory Compliance Default
Manual
Allowed
Manual, Disabled		 0 GA
Automation account variables should be encrypted 3657f5a0-770e-44a3-b44e-9431ba1e9735 Automation Default
Audit
Allowed
Audit, Deny, Disabled		 0 GA
Block untrusted and unsigned processes that run from USB 3d399cf3-8fc6-0efc-6ab0-1412f1198517 Regulatory Compliance Default
Manual
Allowed
Manual, Disabled		 0 GA
Blocked accounts with owner permissions on Azure resources should be removed 0cfea604-3201-4e14-88fc-fae4c427a6c5 Security Center Default
AuditIfNotExists
Allowed
AuditIfNotExists, Disabled		 0 GA
Blocked accounts with read and write permissions on Azure resources should be removed 8d7e1fde-fe26-4b5f-8108-f8e432cbc2be Security Center Default
AuditIfNotExists
Allowed
AuditIfNotExists, Disabled		 0 GA
Check for privacy and security compliance before establishing internal connections ee4bbbbb-2e52-9adb-4e3a-e641f7ac68ab Regulatory Compliance Default
Manual
Allowed
Manual, Disabled		 0 GA
Clear personnel with access to classified information c42f19c9-5d88-92da-0742-371a0ea03126 Regulatory Compliance Default
Manual
Allowed
Manual, Disabled		 0 GA
Conduct a full text analysis of logged privileged commands 8eea8c14-4d93-63a3-0c82-000343ee5204 Regulatory Compliance Default
Manual
Allowed
Manual, Disabled		 0 GA
Conduct a security impact analysis 203101f5-99a3-1491-1b56-acccd9b66a9e Regulatory Compliance Default
Manual
Allowed
Manual, Disabled		 0 GA
Conduct Risk Assessment 677e1da4-00c3-287a-563d-f4a1cf9b99a0 Regulatory Compliance Default
Manual
Allowed
Manual, Disabled		 0 GA
Conduct risk assessment and distribute its results d7c1ecc3-2980-a079-1569-91aec8ac4a77 Regulatory Compliance Default
Manual
Allowed
Manual, Disabled		 0 GA
Conduct risk assessment and document its results 1dbd51c2-2bd1-5e26-75ba-ed075d8f0d68 Regulatory Compliance Default
Manual
Allowed
Manual, Disabled		 0 GA
Configure actions for noncompliant devices b53aa659-513e-032c-52e6-1ce0ba46582f Regulatory Compliance Default
Manual
Allowed
Manual, Disabled		 0 GA
Configure detection whitelist 2927e340-60e4-43ad-6b5f-7a1468232cc2 Regulatory Compliance Default
Manual
Allowed
Manual, Disabled		 0 GA
Configure workstations to check for digital certificates 26daf649-22d1-97e9-2a8a-01b182194d59 Regulatory Compliance Default
Manual
Allowed
Manual, Disabled		 0 GA
Control information flow 59bedbdc-0ba9-39b9-66bb-1d1c192384e6 Regulatory Compliance Default
Manual
Allowed
Manual, Disabled		 0 GA
Control physical access 55a7f9a0-6397-7589-05ef-5ed59a8149e7 Regulatory Compliance Default
Manual
Allowed
Manual, Disabled		 0 GA
Correlate audit records 10874318-0bf7-a41f-8463-03e395482080 Regulatory Compliance Default
Manual
Allowed
Manual, Disabled		 0 GA
Create a data inventory 043c1e56-5a16-52f8-6af8-583098ff3e60 Regulatory Compliance Default
Manual
Allowed
Manual, Disabled		 0 GA
Create alternative actions for identified anomalies cc2f7339-2fac-1ea9-9ca3-cd530fbb0da2 Regulatory Compliance Default
Manual
Allowed
Manual, Disabled		 0 GA
Define a physical key management process 51e4b233-8ee3-8bdc-8f5f-f33bd0d229b7 Regulatory Compliance Default
Manual
Allowed
Manual, Disabled		 0 GA
Define and enforce conditions for shared and group accounts f7eb1d0b-6d4f-2d59-1591-7563e11a9313 Regulatory Compliance Default
Manual
Allowed
Manual, Disabled		 0 GA
Define and enforce inactivity log policy 2af4640d-11a6-a64b-5ceb-a468f4341c0c Regulatory Compliance Default
Manual
Allowed
Manual, Disabled		 0 GA
Define cryptographic use c4ccd607-702b-8ae6-8eeb-fc3339cd4b42 Regulatory Compliance Default
Manual
Allowed
Manual, Disabled		 0 GA
Define information system account types 623b5f0a-8cbd-03a6-4892-201d27302f0c Regulatory Compliance Default
Manual
Allowed
Manual, Disabled		 0 GA
Define organizational requirements for cryptographic key management d661e9eb-4e15-5ba1-6f02-cdc467db0d6c Regulatory Compliance Default
Manual
Allowed
Manual, Disabled		 0 GA
Define requirements for supplying goods and services 2b2f3a72-9e68-3993-2b69-13dcdecf8958 Regulatory Compliance Default
Manual
Allowed
Manual, Disabled		 0 GA
Define the duties of processors 52375c01-4d4c-7acc-3aa4-5b3d53a047ec Regulatory Compliance Default
Manual
Allowed
Manual, Disabled		 0 GA
Deliver security assessment results 8e49107c-3338-40d1-02aa-d524178a2afe Regulatory Compliance Default
Manual
Allowed
Manual, Disabled		 0 GA
Deploy the Windows Guest Configuration extension to enable Guest Configuration assignments on Windows VMs 385f5831-96d4-41db-9a3c-cd3af78aaae6 Guest Configuration Fixed
deployIfNotExists		 1 Contributor GA
Design an access control model 03b6427e-6072-4226-4bd9-a410ab65317e Regulatory Compliance Default
Manual
Allowed
Manual, Disabled		 0 GA
Determine assertion requirements 7a0ecd94-3699-5273-76a5-edb8499f655a Regulatory Compliance Default
Manual
Allowed
Manual, Disabled		 0 GA
Determine auditable events 2f67e567-03db-9d1f-67dc-b6ffb91312f4 Regulatory Compliance Default
Manual
Allowed
Manual, Disabled		 0 GA
Determine supplier contract obligations 67ada943-8539-083d-35d0-7af648974125 Regulatory Compliance Default
Manual
Allowed
Manual, Disabled		 0 GA
Develop acceptable use policies and procedures 42116f15-5665-a52a-87bb-b40e64c74b6c Regulatory Compliance Default
Manual
Allowed
Manual, Disabled		 0 GA
Develop access control policies and procedures 59f7feff-02aa-6539-2cf7-bea75b762140 Regulatory Compliance Default
Manual
Allowed
Manual, Disabled		 0 GA
Develop an incident response plan 2b4e134f-1e4c-2bff-573e-082d85479b6e Regulatory Compliance Default
Manual
Allowed
Manual, Disabled		 0 GA
Develop and maintain a vulnerability management standard 055da733-55c6-9e10-8194-c40731057ec4 Regulatory Compliance Default
Manual
Allowed
Manual, Disabled		 0 GA
Develop and maintain baseline configurations 2f20840e-7925-221c-725d-757442753e7c Regulatory Compliance Default
Manual
Allowed
Manual, Disabled		 0 GA
Develop audit and accountability policies and procedures a28323fe-276d-3787-32d2-cef6395764c4 Regulatory Compliance Default
Manual
Allowed
Manual, Disabled		 0 GA
Develop information security policies and procedures af227964-5b8b-22a2-9364-06d2cb9d6d7c Regulatory Compliance Default
Manual
Allowed
Manual, Disabled		 0 GA
Develop POA&M 477bd136-7dd9-55f8-48ac-bae096b86a07 Regulatory Compliance Default
Manual
Allowed
Manual, Disabled		 0 GA
Develop security assessment plan 1c258345-5cd4-30c8-9ef3-5ee4dd5231d6 Regulatory Compliance Default
Manual
Allowed
Manual, Disabled		 0 GA
Develop security safeguards 423f6d9c-0c73-9cc6-64f4-b52242490368 Regulatory Compliance Default
Manual
Allowed
Manual, Disabled		 0 GA
Disable authenticators upon termination d9d48ffb-0d8c-0bd5-5f31-5a5826d19f10 Regulatory Compliance Default
Manual
Allowed
Manual, Disabled		 0 GA
Disseminate security alerts to personnel 9c93ef57-7000-63fb-9b74-88f2e17ca5d2 Regulatory Compliance Default
Manual
Allowed
Manual, Disabled		 0 GA
Distribute authenticators 098dcde7-016a-06c3-0985-0daaf3301d3a Regulatory Compliance Default
Manual
Allowed
Manual, Disabled		 0 GA
Document acquisition contract acceptance criteria 0803eaa7-671c-08a7-52fd-ac419f775e75 Regulatory Compliance Default
Manual
Allowed
Manual, Disabled		 0 GA
Document and implement wireless access guidelines 04b3e7f6-4841-888d-4799-cda19a0084f6 Regulatory Compliance Default
Manual
Allowed
Manual, Disabled		 0 GA
Document mobility training 83dfb2b8-678b-20a0-4c44-5c75ada023e6 Regulatory Compliance Default
Manual
Allowed
Manual, Disabled		 0 GA
Document personnel acceptance of privacy requirements 271a3e58-1b38-933d-74c9-a580006b80aa Regulatory Compliance Default
Manual
Allowed
Manual, Disabled		 0 GA
Document protection of personal data in acquisition contracts f9ec3263-9562-1768-65a1-729793635a8d Regulatory Compliance Default
Manual
Allowed
Manual, Disabled		 0 GA
Document protection of security information in acquisition contracts d78f95ba-870a-a500-6104-8a5ce2534f19 Regulatory Compliance Default
Manual
Allowed
Manual, Disabled		 0 GA
Document remote access guidelines 3d492600-27ba-62cc-a1c3-66eb919f6a0d Regulatory Compliance Default
Manual
Allowed
Manual, Disabled		 0 GA
Document requirements for the use of shared data in contracts 0ba211ef-0e85-2a45-17fc-401d1b3f8f85 Regulatory Compliance Default
Manual
Allowed
Manual, Disabled		 0 GA
Document security and privacy training activities 524e7136-9f6a-75ba-9089-501018151346 Regulatory Compliance Default
Manual
Allowed
Manual, Disabled		 0 GA
Document security assurance requirements in acquisition contracts 13efd2d7-3980-a2a4-39d0-527180c009e8 Regulatory Compliance Default
Manual
Allowed
Manual, Disabled		 0 GA
Document security documentation requirements in acquisition contract a465e8e9-0095-85cb-a05f-1dd4960d02af Regulatory Compliance Default
Manual
Allowed
Manual, Disabled		 0 GA
Document security functional requirements in acquisition contracts 57927290-8000-59bf-3776-90c468ac5b4b Regulatory Compliance Default
Manual
Allowed
Manual, Disabled		 0 GA
Document security strength requirements in acquisition contracts ebb0ba89-6d8c-84a7-252b-7393881e43de Regulatory Compliance Default
Manual
Allowed
Manual, Disabled		 0 GA
Document the information system environment in acquisition contracts c148208b-1a6f-a4ac-7abc-23b1d41121b1 Regulatory Compliance Default
Manual
Allowed
Manual, Disabled		 0 GA
Document the legal basis for processing personal information 79c75b38-334b-1a69-65e0-a9d929a42f75 Regulatory Compliance Default
Manual
Allowed
Manual, Disabled		 0 GA
Document the protection of cardholder data in third party contracts 77acc53d-0f67-6e06-7d04-5750653d4629 Regulatory Compliance Default
Manual
Allowed
Manual, Disabled		 0 GA
Employ a media sanitization mechanism eaaae23f-92c9-4460-51cf-913feaea4d52 Regulatory Compliance Default
Manual
Allowed
Manual, Disabled		 0 GA
Employ automatic shutdown/restart when violations are detected 1b8a7ec3-11cc-a2d3-8cd0-eedf074424a4 Regulatory Compliance Default
Manual
Allowed
Manual, Disabled		 0 GA
Employ flow control mechanisms of encrypted information 79365f13-8ba4-1f6c-2ac4-aa39929f56d0 Regulatory Compliance Default
Manual
Allowed
Manual, Disabled		 0 GA
Employ independent team for penetration testing 611ebc63-8600-50b6-a0e3-fef272457132 Regulatory Compliance Default
Manual
Allowed
Manual, Disabled		 0 GA
Employ least privilege access 1bc7fd64-291f-028e-4ed6-6e07886e163f Regulatory Compliance Default
Manual
Allowed
Manual, Disabled		 0 GA
Enable dual or joint authorization 2c843d78-8f64-92b5-6a9b-e8186c0e7eb6 Regulatory Compliance Default
Manual
Allowed
Manual, Disabled		 0 GA
Enable network protection 8c255136-994b-9616-79f5-ae87810e0dcf Regulatory Compliance Default
Manual
Allowed
Manual, Disabled		 0 GA
Enforce a limit of consecutive failed login attempts b4409bff-2287-8407-05fd-c73175a68302 Regulatory Compliance Default
Manual
Allowed
Manual, Disabled		 0 GA
Enforce and audit access restrictions 8cd815bf-97e1-5144-0735-11f6ddb50a59 Regulatory Compliance Default
Manual
Allowed
Manual, Disabled		 0 GA
Enforce logical access 10c4210b-3ec9-9603-050d-77e4d26c7ebb Regulatory Compliance Default
Manual
Allowed
Manual, Disabled		 0 GA
Enforce mandatory and discretionary access control policies b1666a13-8f67-9c47-155e-69e027ff6823 Regulatory Compliance Default
Manual
Allowed
Manual, Disabled		 0 GA
Enforce rules of behavior and access agreements 509552f5-6528-3540-7959-fbeae4832533 Regulatory Compliance Default
Manual
Allowed
Manual, Disabled		 0 GA
Enforce security configuration settings 058e9719-1ff9-3653-4230-23f76b6492e0 Regulatory Compliance Default
Manual
Allowed
Manual, Disabled		 0 GA
Enforce user uniqueness e336d5f4-4d8f-0059-759c-ae10f63d1747 Regulatory Compliance Default
Manual
Allowed
Manual, Disabled		 0 GA
Ensure authorized users protect provided authenticators 37dbe3dc-0e9c-24fa-36f2-11197cbfa207 Regulatory Compliance Default
Manual
Allowed
Manual, Disabled		 0 GA
Eradicate contaminated information 54a9c072-4a93-2a03-6a43-a060d30383d7 Regulatory Compliance Default
Manual
Allowed
Manual, Disabled		 0 GA
Establish a configuration control board 7380631c-5bf5-0e3a-4509-0873becd8a63 Regulatory Compliance Default
Manual
Allowed
Manual, Disabled		 0 GA
Establish a data leakage management procedure 3c9aa856-6b86-35dc-83f4-bc72cec74dea Regulatory Compliance Default
Manual
Allowed
Manual, Disabled		 0 GA
Establish a password policy d8bbd80e-3bb1-5983-06c2-428526ec6a63 Regulatory Compliance Default
Manual
Allowed
Manual, Disabled		 0 GA
Establish a privacy program 39eb03c1-97cc-11ab-0960-6209ed2869f7 Regulatory Compliance Default
Manual
Allowed
Manual, Disabled		 0 GA
Establish a risk management strategy d36700f2-2f0d-7c2a-059c-bdadd1d79f70 Regulatory Compliance Default
Manual
Allowed
Manual, Disabled		 0 GA
Establish a threat intelligence program b0e3035d-6366-2e37-796e-8bcab9c649e6 Regulatory Compliance Default
Manual
Allowed
Manual, Disabled		 0 GA
Establish an information security program 84245967-7882-54f6-2d34-85059f725b47 Regulatory Compliance Default
Manual
Allowed
Manual, Disabled		 0 GA
Establish and document a configuration management plan 526ed90e-890f-69e7-0386-ba5c0f1f784f Regulatory Compliance Default
Manual
Allowed
Manual, Disabled		 0 GA
Establish and document change control processes bd4dc286-2f30-5b95-777c-681f3a7913d3 Regulatory Compliance Default
Manual
Allowed
Manual, Disabled		 0 GA
Establish authenticator types and processes 921ae4c1-507f-5ddb-8a58-cfa9b5fd96f0 Regulatory Compliance Default
Manual
Allowed
Manual, Disabled		 0 GA
Establish backup policies and procedures 4f23967c-a74b-9a09-9dc2-f566f61a87b9 Regulatory Compliance Default
Manual
Allowed
Manual, Disabled		 0 GA
Establish configuration management requirements for developers 8747b573-8294-86a0-8914-49e9b06a5ace Regulatory Compliance Default
Manual
Allowed
Manual, Disabled		 0 GA
Establish information security workforce development and improvement program b544f797-a73b-1be3-6d01-6b1a085376bc Regulatory Compliance Default
Manual
Allowed
Manual, Disabled		 0 GA
Establish policies for supply chain risk management 9150259b-617b-596d-3bf5-5ca3fce20335 Regulatory Compliance Default
Manual
Allowed
Manual, Disabled		 0 GA
Establish requirements for audit review and reporting b3c8cc83-20d3-3890-8bc8-5568777670f4 Regulatory Compliance Default
Manual
Allowed
Manual, Disabled		 0 GA
Execute actions in response to information spills ba78efc6-795c-64f4-7a02-91effbd34af9 Regulatory Compliance Default
Manual
Allowed
Manual, Disabled		 0 GA
Function apps should only be accessible over HTTPS 6d555dd1-86f2-4f1c-8ed7-5abae7c6cbab App Service Default
Audit
Allowed
Audit, Disabled, Deny		 0 GA
Govern and monitor audit processing activities 333b4ada-4a02-0648-3d4d-d812974f1bb2 Regulatory Compliance Default
Manual
Allowed
Manual, Disabled		 0 GA
Govern policies and procedures 1a2a03a4-9992-5788-5953-d8f6615306de Regulatory Compliance Default
Manual
Allowed
Manual, Disabled		 0 GA
Guest accounts with owner permissions on Azure resources should be removed 339353f6-2387-4a45-abe4-7f529d121046 Security Center Default
AuditIfNotExists
Allowed
AuditIfNotExists, Disabled		 0 GA
Guest accounts with read permissions on Azure resources should be removed e9ac8f8e-ce22-4355-8f04-99b911d6be52 Security Center Default
AuditIfNotExists
Allowed
AuditIfNotExists, Disabled		 0 GA
Guest accounts with write permissions on Azure resources should be removed 94e1c2ac-cbbe-4cac-a2b5-389c812dee87 Security Center Default
AuditIfNotExists
Allowed
AuditIfNotExists, Disabled		 0 GA
Identify and authenticate network devices ae5345d5-8dab-086a-7290-db43a3272198 Regulatory Compliance Default
Manual
Allowed
Manual, Disabled		 0 GA
Identify and authenticate non-organizational users e1379836-3492-6395-451d-2f5062e14136 Regulatory Compliance Default
Manual
Allowed
Manual, Disabled		 0 GA
Identify external service providers 46ab2c5e-6654-1f58-8c83-e97a44f39308 Regulatory Compliance Default
Manual
Allowed
Manual, Disabled		 0 GA
Implement a threat awareness program 015b4935-448a-8684-27c0-d13086356c33 Regulatory Compliance Default
Manual
Allowed
Manual, Disabled		 0 GA
Implement an automated configuration management tool 33832848-42ab-63f3-1a55-c0ad309d44cd Regulatory Compliance Default
Manual
Allowed
Manual, Disabled		 0 GA
Implement an insider threat program 35de8462-03ff-45b3-5746-9d4603c74c56 Regulatory Compliance Default
Manual
Allowed
Manual, Disabled		 0 GA
Implement controls to secure all media e435f7e3-0dd9-58c9-451f-9b44b96c0232 Regulatory Compliance Default
Manual
Allowed
Manual, Disabled		 0 GA
Implement controls to secure alternate work sites cd36eeec-67e7-205a-4b64-dbfe3b4e3e4e Regulatory Compliance Default
Manual
Allowed
Manual, Disabled		 0 GA
Implement cryptographic mechanisms 10c3a1b1-29b0-a2d5-8f4c-a284b0f07830 Regulatory Compliance Default
Manual
Allowed
Manual, Disabled		 0 GA
Implement incident handling 433de59e-7a53-a766-02c2-f80f8421469a Regulatory Compliance Default
Manual
Allowed
Manual, Disabled		 0 GA
Implement managed interface for each external service b262e1dd-08e9-41d4-963a-258909ad794b Regulatory Compliance Default
Manual
Allowed
Manual, Disabled		 0 GA
Implement parameters for memorized secret verifiers 3b30aa25-0f19-6c04-5ca4-bd3f880a763d Regulatory Compliance Default
Manual
Allowed
Manual, Disabled		 0 GA
Implement personnel screening e0c480bf-0d68-a42d-4cbb-b60f851f8716 Regulatory Compliance Default
Manual
Allowed
Manual, Disabled		 0 GA
Implement physical security for offices, working areas, and secure areas 05ec66a2-137c-14b8-8e75-3d7a2bef07f8 Regulatory Compliance Default
Manual
Allowed
Manual, Disabled		 0 GA
Implement privacy notice delivery methods 06f84330-4c27-21f7-72cd-7488afd50244 Regulatory Compliance Default
Manual
Allowed
Manual, Disabled		 0 GA
Implement security directives 26d178a4-9261-6f04-a100-47ed85314c6e Regulatory Compliance Default
Manual
Allowed
Manual, Disabled		 0 GA
Implement system boundary protection 01ae60e2-38bb-0a32-7b20-d3a091423409 Regulatory Compliance Default
Manual
Allowed
Manual, Disabled		 0 GA
Implement training for protecting authenticators e4b00788-7e1c-33ec-0418-d048508e095b Regulatory Compliance Default
Manual
Allowed
Manual, Disabled		 0 GA
Incorporate security and data privacy practices in research processing 834b7a4a-83ab-2188-1a26-9c5033d8173b Regulatory Compliance Default
Manual
Allowed
Manual, Disabled		 0 GA
Integrate audit review, analysis, and reporting f741c4e6-41eb-15a4-25a2-61ac7ca232f0 Regulatory Compliance Default
Manual
Allowed
Manual, Disabled		 0 GA
Integrate cloud app security with a siem 9fdde4a9-85fa-7850-6df4-ae9c4a2e56f9 Regulatory Compliance Default
Manual
Allowed
Manual, Disabled		 0 GA
Issue public key certificates 97d91b33-7050-237b-3e23-a77d57d84e13 Regulatory Compliance Default
Manual
Allowed
Manual, Disabled		 0 GA
Limit privileges to make changes in production environment 2af551d5-1775-326a-0589-590bfb7e9eb2 Regulatory Compliance Default
Manual
Allowed
Manual, Disabled		 0 GA
Maintain availability of information 3ad7f0bc-3d03-0585-4d24-529779bb02c2 Regulatory Compliance Default
Manual
Allowed
Manual, Disabled		 0 GA
Maintain data breach records 0fd1ca29-677b-2f12-1879-639716459160 Regulatory Compliance Default
Manual
Allowed
Manual, Disabled		 0 GA
Maintain incident response plan 37546841-8ea1-5be0-214d-8ac599588332 Regulatory Compliance Default
Manual
Allowed
Manual, Disabled		 0 GA
Maintain records of processing of personal data 92ede480-154e-0e22-4dca-8b46a74a3a51 Regulatory Compliance Default
Manual
Allowed
Manual, Disabled		 0 GA
Manage authenticator lifetime and reuse 29363ae1-68cd-01ca-799d-92c9197c8404 Regulatory Compliance Default
Manual
Allowed
Manual, Disabled		 0 GA
Manage Authenticators 4aacaec9-0628-272c-3e83-0d68446694e0 Regulatory Compliance Default
Manual
Allowed
Manual, Disabled		 0 GA
Manage compliance activities 4e400494-53a5-5147-6f4d-718b539c7394 Regulatory Compliance Default
Manual
Allowed
Manual, Disabled		 0 GA
Manage gateways 63f63e71-6c3f-9add-4c43-64de23e554a7 Regulatory Compliance Default
Manual
Allowed
Manual, Disabled		 0 GA
Manage symmetric cryptographic keys 9c276cf3-596f-581a-7fbd-f5e46edaa0f4 Regulatory Compliance Default
Manual
Allowed
Manual, Disabled		 0 GA
Manage system and admin accounts 34d38ea7-6754-1838-7031-d7fd07099821 Regulatory Compliance Default
Manual
Allowed
Manual, Disabled		 0 GA
Manage the input, output, processing, and storage of data e603da3a-8af7-4f8a-94cb-1bcc0e0333d2 Regulatory Compliance Default
Manual
Allowed
Manual, Disabled		 0 GA
Manage the transportation of assets 4ac81669-00e2-9790-8648-71bc11bc91eb Regulatory Compliance Default
Manual
Allowed
Manual, Disabled		 0 GA
Monitor access across the organization 48c816c5-2190-61fc-8806-25d6f3df162f Regulatory Compliance Default
Manual
Allowed
Manual, Disabled		 0 GA
Monitor account activity 7b28ba4f-0a87-46ac-62e1-46b7c09202a8 Regulatory Compliance Default
Manual
Allowed
Manual, Disabled		 0 GA
Monitor missing Endpoint Protection in Azure Security Center af6cd1bd-1635-48cb-bde7-5b15693900b9 Security Center Default
AuditIfNotExists
Allowed
AuditIfNotExists, Disabled		 0 GA
Monitor privileged role assignment ed87d27a-9abf-7c71-714c-61d881889da4 Regulatory Compliance Default
Manual
Allowed
Manual, Disabled		 0 GA
Notify personnel of any failed security verification tests 18e9d748-73d4-0c96-55ab-b108bfbd5bc3 Regulatory Compliance Default
Manual
Allowed
Manual, Disabled		 0 GA
Notify when account is not needed 8489ff90-8d29-61df-2d84-f9ab0f4c5e84 Regulatory Compliance Default
Manual
Allowed
Manual, Disabled		 0 GA
Obtain Admin documentation 3f1216b0-30ee-1ac9-3899-63eb744e85f5 Regulatory Compliance Default
Manual
Allowed
Manual, Disabled		 0 GA
Obtain consent prior to collection or processing of personal data 069101ac-4578-31da-0cd4-ff083edd3eb4 Regulatory Compliance Default
Manual
Allowed
Manual, Disabled		 0 GA
Obtain continuous monitoring plan for security controls ca6d7878-3189-1833-4620-6c7254ed1607 Regulatory Compliance Default
Manual
Allowed
Manual, Disabled		 0 GA
Obtain design and implementation information for the security controls 22a02c9a-49e4-5dc9-0d14-eb35ad717154 Regulatory Compliance Default
Manual
Allowed
Manual, Disabled		 0 GA
Obtain functional properties of security controls 44b71aa8-099d-8b97-1557-0e853ec38e0d Regulatory Compliance Default
Manual
Allowed
Manual, Disabled		 0 GA
Only secure connections to your Azure Cache for Redis should be enabled 22bee202-a82f-4305-9a2a-6d7f44d4dedb Cache Default
Audit
Allowed
Audit, Deny, Disabled		 0 GA
Perform a privacy impact assessment d18af1ac-0086-4762-6dc8-87cdded90e39 Regulatory Compliance Default
Manual
Allowed
Manual, Disabled		 0 GA
Perform a risk assessment 8c5d3d8d-5cba-0def-257c-5ab9ea9644dc Regulatory Compliance Default
Manual
Allowed
Manual, Disabled		 0 GA
Perform a trend analysis on threats 50e81644-923d-33fc-6ebb-9733bc8d1a06 Regulatory Compliance Default
Manual
Allowed
Manual, Disabled		 0 GA
Perform audit for configuration change control 1282809c-9001-176b-4a81-260a085f4872 Regulatory Compliance Default
Manual
Allowed
Manual, Disabled		 0 GA
Perform disposition review b5a4be05-3997-1731-3260-98be653610f6 Regulatory Compliance Default
Manual
Allowed
Manual, Disabled		 0 GA
Perform security function verification at a defined frequency f30edfad-4e1d-1eef-27ee-9292d6d89842 Regulatory Compliance Default
Manual
Allowed
Manual, Disabled		 0 GA
Perform vulnerability scans 3c5e0e1a-216f-8f49-0a15-76ed0d8b8e1f Regulatory Compliance Default
Manual
Allowed
Manual, Disabled		 0 GA
Produce Security Assessment report 70a7a065-a060-85f8-7863-eb7850ed2af9 Regulatory Compliance Default
Manual
Allowed
Manual, Disabled		 0 GA
Produce, control and distribute asymmetric cryptographic keys de077e7e-0cc8-65a6-6e08-9ab46c827b05 Regulatory Compliance Default
Manual
Allowed
Manual, Disabled		 0 GA
Produce, control and distribute symmetric cryptographic keys 16c54e01-9e65-7524-7c33-beda48a75779 Regulatory Compliance Default
Manual
Allowed
Manual, Disabled		 0 GA
Protect audit information 0e696f5a-451f-5c15-5532-044136538491 Regulatory Compliance Default
Manual
Allowed
Manual, Disabled		 0 GA
Protect data in transit using encryption b11697e8-9515-16f1-7a35-477d5c8a1344 Regulatory Compliance Default
Manual
Allowed
Manual, Disabled		 0 GA
Protect incident response plan 2401b496-7f23-79b2-9f80-89bb5abf3d4a Regulatory Compliance Default
Manual
Allowed
Manual, Disabled		 0 GA
Protect passwords with encryption b2d3e5a2-97ab-5497-565a-71172a729d93 Regulatory Compliance Default
Manual
Allowed
Manual, Disabled		 0 GA
Protect special information a315c657-4a00-8eba-15ac-44692ad24423 Regulatory Compliance Default
Manual
Allowed
Manual, Disabled		 0 GA
Protect wireless access d42a8f69-a193-6cbc-48b9-04a9e29961f1 Regulatory Compliance Default
Manual
Allowed
Manual, Disabled		 0 GA
Provide information spillage training 2d4d0e90-32d9-4deb-2166-a00d51ed57c0 Regulatory Compliance Default
Manual
Allowed
Manual, Disabled		 0 GA
Provide periodic role-based security training 9ac8621d-9acd-55bf-9f99-ee4212cc3d85 Regulatory Compliance Default
Manual
Allowed
Manual, Disabled		 0 GA
Provide periodic security awareness training 516be556-1353-080d-2c2f-f46f000d5785 Regulatory Compliance Default
Manual
Allowed
Manual, Disabled		 0 GA
Provide privacy notice 098a7b84-1031-66d8-4e78-bd15b5fd2efb Regulatory Compliance Default
Manual
Allowed
Manual, Disabled		 0 GA
Provide privacy training 518eafdd-08e5-37a9-795b-15a8d798056d Regulatory Compliance Default
Manual
Allowed
Manual, Disabled		 0 GA
Provide role-based security training 4c385143-09fd-3a34-790c-a5fd9ec77ddc Regulatory Compliance Default
Manual
Allowed
Manual, Disabled		 0 GA
Provide security training before providing access 2b05dca2-25ec-9335-495c-29155f785082 Regulatory Compliance Default
Manual
Allowed
Manual, Disabled		 0 GA
Provide security training for new users 1cb7bf71-841c-4741-438a-67c65fdd7194 Regulatory Compliance Default
Manual
Allowed
Manual, Disabled		 0 GA
Provide updated security awareness training d136ae80-54dd-321c-98b4-17acf4af2169 Regulatory Compliance Default
Manual
Allowed
Manual, Disabled		 0 GA
Record disclosures of PII to third parties 8b1da407-5e60-5037-612e-2caa1b590719 Regulatory Compliance Default
Manual
Allowed
Manual, Disabled		 0 GA
Refresh authenticators 3ae68d9a-5696-8c32-62d3-c6f9c52e437c Regulatory Compliance Default
Manual
Allowed
Manual, Disabled		 0 GA
Reissue authenticators for changed groups and accounts 2f204e72-1896-3bf8-75c9-9128b8683a36 Regulatory Compliance Default
Manual
Allowed
Manual, Disabled		 0 GA
Remediate information system flaws be38a620-000b-21cf-3cb3-ea151b704c3b Regulatory Compliance Default
Manual
Allowed
Manual, Disabled		 0 GA
Require approval for account creation de770ba6-50dd-a316-2932-e0d972eaa734 Regulatory Compliance Default
Manual
Allowed
Manual, Disabled		 0 GA
Require compliance with intellectual property rights 725164e5-3b21-1ec2-7e42-14f077862841 Regulatory Compliance Default
Manual
Allowed
Manual, Disabled		 0 GA
Require developer to identify SDLC ports, protocols, and services f6da5cca-5795-60ff-49e1-4972567815fe Regulatory Compliance Default
Manual
Allowed
Manual, Disabled		 0 GA
Require developers to manage change integrity b33d61c1-7463-7025-0ec0-a47585b59147 Regulatory Compliance Default
Manual
Allowed
Manual, Disabled		 0 GA
Require external service providers to comply with security requirements 4e45863d-9ea9-32b4-a204-2680bc6007a6 Regulatory Compliance Default
Manual
Allowed
Manual, Disabled		 0 GA
Require use of individual authenticators 08ad71d0-52be-6503-4908-e015460a16ae Regulatory Compliance Default
Manual
Allowed
Manual, Disabled		 0 GA
Rescreen individuals at a defined frequency c6aeb800-0b19-944d-92dc-59b893722329 Regulatory Compliance Default
Manual
Allowed
Manual, Disabled		 0 GA
Restrict access to private keys 8d140e8b-76c7-77de-1d46-ed1b2e112444 Regulatory Compliance Default
Manual
Allowed
Manual, Disabled		 0 GA
Restrict access to privileged accounts 873895e8-0e3a-6492-42e9-22cd030e9fcd Regulatory Compliance Default
Manual
Allowed
Manual, Disabled		 0 GA
Restrict communications 5020f3f4-a579-2f28-72a8-283c5a0b15f9 Regulatory Compliance Default
Manual
Allowed
Manual, Disabled		 0 GA
Retain security policies and procedures efef28d0-3226-966a-a1e8-70e89c1b30bc Regulatory Compliance Default
Manual
Allowed
Manual, Disabled		 0 GA
Retain terminated user data 7c7032fe-9ce6-9092-5890-87a1a3755db1 Regulatory Compliance Default
Manual
Allowed
Manual, Disabled		 0 GA
Review access control policies and procedures 03d550b4-34ee-03f4-515f-f2e2faf7a413 Regulatory Compliance Default
Manual
Allowed
Manual, Disabled		 0 GA
Review account provisioning logs a830fe9e-08c9-a4fb-420c-6f6bf1702395 Regulatory Compliance Default
Manual
Allowed
Manual, Disabled		 0 GA
Review administrator assignments weekly f27a298f-9443-014a-0d40-fef12adf0259 Regulatory Compliance Default
Manual
Allowed
Manual, Disabled		 0 GA
Review and update configuration management policies and procedures eb8a8df9-521f-3ccd-7e2c-3d1fcc812340 Regulatory Compliance Default
Manual
Allowed
Manual, Disabled		 0 GA
Review and update identification and authentication policies and procedures 29acfac0-4bb4-121b-8283-8943198b1549 Regulatory Compliance Default
Manual
Allowed
Manual, Disabled		 0 GA
Review and update information integrity policies and procedures 6bededc0-2985-54d5-4158-eb8bad8070a0 Regulatory Compliance Default
Manual
Allowed
Manual, Disabled		 0 GA
Review and update media protection policies and procedures b4e19d22-8c0e-7cad-3219-c84c62dc250f Regulatory Compliance Default
Manual
Allowed
Manual, Disabled		 0 GA
Review and update physical and environmental policies and procedures 91cf132e-0c9f-37a8-a523-dc6a92cd2fb2 Regulatory Compliance Default
Manual
Allowed
Manual, Disabled		 0 GA
Review and update system and communications protection policies and procedures adf517f3-6dcd-3546-9928-34777d0c277e Regulatory Compliance Default
Manual
Allowed
Manual, Disabled		 0 GA
Review and update system and services acquisition policies and procedures f49925aa-9b11-76ae-10e2-6e973cc60f37 Regulatory Compliance Default
Manual
Allowed
Manual, Disabled		 0 GA
Review audit data 6625638f-3ba1-7404-5983-0ea33d719d34 Regulatory Compliance Default
Manual
Allowed
Manual, Disabled		 0 GA
Review changes for any unauthorized changes c246d146-82b0-301f-32e7-1065dcd248b7 Regulatory Compliance Default
Manual
Allowed
Manual, Disabled		 0 GA
Review cloud identity report overview 8aec4343-9153-9641-172c-defb201f56b3 Regulatory Compliance Default
Manual
Allowed
Manual, Disabled		 0 GA
Review cloud service provider's compliance with policies and agreements ffea18d9-13de-6505-37f3-4c1f88070ad7 Regulatory Compliance Default
Manual
Allowed
Manual, Disabled		 0 GA
Review controlled folder access events f48b60c6-4b37-332f-7288-b6ea50d300eb Regulatory Compliance Default
Manual
Allowed
Manual, Disabled		 0 GA
Review file and folder activity ef718fe4-7ceb-9ddf-3198-0ee8f6fe9cba Regulatory Compliance Default
Manual
Allowed
Manual, Disabled		 0 GA
Review label activity and analytics e23444b9-9662-40f3-289e-6d25c02b48fa Regulatory Compliance Default
Manual
Allowed
Manual, Disabled		 0 GA
Review malware detections report weekly 4a6f5cbd-6c6b-006f-2bb1-091af1441bce Regulatory Compliance Default
Manual
Allowed
Manual, Disabled		 0 GA
Review role group changes weekly 70fe686f-1f91-7dab-11bf-bca4201e183b Regulatory Compliance Default
Manual
Allowed
Manual, Disabled		 0 GA
Review security assessment and authorization policies and procedures a4493012-908c-5f48-a468-1e243be884ce Regulatory Compliance Default
Manual
Allowed
Manual, Disabled		 0 GA
Review threat protection status weekly fad161f5-5261-401a-22dd-e037bae011bd Regulatory Compliance Default
Manual
Allowed
Manual, Disabled		 0 GA
Review user accounts 79f081c7-1634-01a1-708e-376197999289 Regulatory Compliance Default
Manual
Allowed
Manual, Disabled		 0 GA
Review user groups and applications with access to sensitive data eb1c944e-0e94-647b-9b7e-fdb8d2af0838 Regulatory Compliance Default
Manual
Allowed
Manual, Disabled		 0 GA
Review user privileges f96d2186-79df-262d-3f76-f371e3b71798 Regulatory Compliance Default
Manual
Allowed
Manual, Disabled		 0 GA
Revoke privileged roles as appropriate 32f22cfa-770b-057c-965b-450898425519 Regulatory Compliance Default
Manual
Allowed
Manual, Disabled		 0 GA
Satisfy token quality requirements 056a723b-4946-9d2a-5243-3aa27c4d31a1 Regulatory Compliance Default
Manual
Allowed
Manual, Disabled		 0 GA
Secure the interface to external systems ff1efad2-6b09-54cc-01bf-d386c4d558a8 Regulatory Compliance Default
Manual
Allowed
Manual, Disabled		 0 GA
Secure transfer to storage accounts should be enabled 404c3081-a854-4457-ae30-26a93ef643f9 Storage Default
Audit
Allowed
Audit, Deny, Disabled		 0 GA
Select additional testing for security control assessments f78fc35e-1268-0bca-a798-afcba9d2330a Regulatory Compliance Default
Manual
Allowed
Manual, Disabled		 0 GA
Separate duties of individuals 60ee1260-97f0-61bb-8155-5d8b75743655 Regulatory Compliance Default
Manual
Allowed
Manual, Disabled		 0 GA
Service Fabric clusters should have the ClusterProtectionLevel property set to EncryptAndSign 617c02be-7f02-4efd-8836-3180d47b6c68 Service Fabric Default
Audit
Allowed
Audit, Deny, Disabled		 0 GA
Set automated notifications for new and trending cloud applications in your organization af38215f-70c4-0cd6-40c2-c52d86690a45 Regulatory Compliance Default
Manual
Allowed
Manual, Disabled		 0 GA
SQL databases should have vulnerability findings resolved feedbf84-6b99-488c-acc2-71c829aa5ffc Security Center Default
AuditIfNotExists
Allowed
AuditIfNotExists, Disabled		 0 GA
Storage accounts should be migrated to new Azure Resource Manager resources 37e0d2fe-28a5-43d6-a273-67d37d1f5606 Storage Default
Audit
Allowed
Audit, Deny, Disabled		 0 GA
Storage accounts should restrict network access 34c877ad-507e-4c82-993e-3452a6e0ad3c Storage Default
Audit
Allowed
Audit, Deny, Disabled		 0 GA
Support personal verification credentials issued by legal authorities 1d39b5d9-0392-8954-8359-575ce1957d1a Regulatory Compliance Default
Manual
Allowed
Manual, Disabled		 0 GA
System updates should be installed on your machines 86b3d65f-7626-441e-b690-81a8b71cff60 Security Center Default
AuditIfNotExists
Allowed
AuditIfNotExists, Disabled		 0 GA
Terminate customer controlled account credentials 76d66b5c-85e4-93f5-96a5-ebb2fad61dc6 Regulatory Compliance Default
Manual
Allowed
Manual, Disabled		 0 GA
Terminate user session automatically 4502e506-5f35-0df4-684f-b326e3cc7093 Regulatory Compliance Default
Manual
Allowed
Manual, Disabled		 0 GA
There should be more than one owner assigned to your subscription 09024ccc-0c5f-475e-9457-b7c0d9ed487b Security Center Default
AuditIfNotExists
Allowed
AuditIfNotExists, Disabled		 0 GA
Track software license usage 77cc89bb-774f-48d7-8a84-fb8c322c3000 Regulatory Compliance Default
Manual
Allowed
Manual, Disabled		 0 GA
Transparent Data Encryption on SQL databases should be enabled 17k78e20-9358-41c9-923c-fb736d382a12 SQL Default
AuditIfNotExists
Allowed
AuditIfNotExists, Disabled		 0 GA
Turn on sensors for endpoint security solution 5fc24b95-53f7-0ed1-2330-701b539b97fe Regulatory Compliance Default
Manual
Allowed
Manual, Disabled		 0 GA
Undergo independent security review 9b55929b-0101-47c0-a16e-d6ac5c7d21f8 Regulatory Compliance Default
Manual
Allowed
Manual, Disabled		 0 GA
Update antivirus definitions ea9d7c95-2f10-8a4d-61d8-7469bd2e8d65 Regulatory Compliance Default
Manual
Allowed
Manual, Disabled		 0 GA
Update information security policies 5226dee6-3420-711b-4709-8e675ebd828f Regulatory Compliance Default
Manual
Allowed
Manual, Disabled		 0 GA
Update POA&M items cc057769-01d9-95ad-a36f-1e62a7f9540b Regulatory Compliance Default
Manual
Allowed
Manual, Disabled		 0 GA
Update privacy plan, policies, and procedures 96333008-988d-4add-549b-92b3a8c42063 Regulatory Compliance Default
Manual
Allowed
Manual, Disabled		 0 GA
Use privileged identity management e714b481-8fac-64a2-14a9-6f079b2501a4 Regulatory Compliance Default
Manual
Allowed
Manual, Disabled		 0 GA
Use system clocks for audit records 1ee4c7eb-480a-0007-77ff-4ba370776266 Regulatory Compliance Default
Manual
Allowed
Manual, Disabled		 0 GA
Verify identity before distributing authenticators 72889284-15d2-90b2-4b39-a1e9541e1152 Regulatory Compliance Default
Manual
Allowed
Manual, Disabled		 0 GA
Verify personal data is deleted at the end of processing c6b877a6-5d6d-1862-4b7f-3ccc30b25b63 Regulatory Compliance Default
Manual
Allowed
Manual, Disabled		 0 GA
Verify security functions ece8bb17-4080-5127-915f-dc7267ee8549 Regulatory Compliance Default
Manual
Allowed
Manual, Disabled		 0 GA
Verify software, firmware and information integrity db28735f-518f-870e-15b4-49623cbe3aa0 Regulatory Compliance Default
Manual
Allowed
Manual, Disabled		 0 GA
View and configure system diagnostic data 0123edae-3567-a05a-9b05-b53ebe9d3e7e Regulatory Compliance Default
Manual
Allowed
Manual, Disabled		 0 GA
View and investigate restricted users 98145a9b-428a-7e81-9d14-ebb154a24f93 Regulatory Compliance Default
Manual
Allowed
Manual, Disabled		 0 GA
Virtual machines should be migrated to new Azure Resource Manager resources 1d84d5fb-01f6-4d12-ba4f-4a26081d403d Compute Default
Audit
Allowed
Audit, Deny, Disabled		 0 GA
Vulnerabilities in security configuration on your machines should be remediated e1e5fd5d-3e4c-4ce1-8661-7d1873ae6b15 Security Center Default
AuditIfNotExists
Allowed
AuditIfNotExists, Disabled		 0 GA
Roles used Total Roles usage: 3
Total Roles unique usage: 1
Role Role Id Policies count Policies
Contributor b24988ac-6180-42a0-ab88-20f7382dd24c 3 Add system-assigned managed identity to enable Guest Configuration assignments on virtual machines with no identities, Add system-assigned managed identity to enable Guest Configuration assignments on VMs with a user-assigned identity, Deploy the Windows Guest Configuration extension to enable Guest Configuration assignments on Windows VMs
History
Date/Time (UTC ymd) (i) Changes
2024-06-06 18:16:34 Version change: '1.1.0' to '1.2.0'
remove Policy [Deprecated]: Virtual machines should encrypt temp disks, caches, and data flows between Compute and Storage resources (0961003e-5a0a-4549-abde-af6a37f2724d)
2023-05-04 17:45:12 add Policy Guest accounts with write permissions on Azure resources should be removed (94e1c2ac-cbbe-4cac-a2b5-389c812dee87)
add Policy Accounts with owner permissions on Azure resources should be MFA enabled (e3e008c3-56b9-4133-8fd7-d3347377402a)
add Policy Blocked accounts with read and write permissions on Azure resources should be removed (8d7e1fde-fe26-4b5f-8108-f8e432cbc2be)
add Policy Guest accounts with read permissions on Azure resources should be removed (e9ac8f8e-ce22-4355-8f04-99b911d6be52)
add Policy Blocked accounts with owner permissions on Azure resources should be removed (0cfea604-3201-4e14-88fc-fae4c427a6c5)
add Policy Guest accounts with owner permissions on Azure resources should be removed (339353f6-2387-4a45-abe4-7f529d121046)
add Policy Accounts with write permissions on Azure resources should be MFA enabled (931e118d-50a1-4457-a5e4-78550e086c52)
Version change: '1.0.0' to '1.1.0'
remove Policy [Deprecated]: MFA should be enabled on accounts with owner permissions on your subscription (aa633080-8b72-40c4-a2d7-d00c03e80bed)
remove Policy [Deprecated]: Deprecated accounts should be removed from your subscription (6b1cbf55-e8b6-442f-ba4c-7246b6381474)
remove Policy [Deprecated]: External accounts with read permissions should be removed from your subscription (5f76cf89-fbf2-47fd-a3f4-b891fa780b60)
remove Policy [Deprecated]: External accounts with owner permissions should be removed from your subscription (f8456c1c-aa66-4dfb-861a-25d127b775c9)
remove Policy [Deprecated]: MFA should be enabled for accounts with write permissions on your subscription (9297c21d-2ed6-4474-b48f-163f75654ce3)
remove Policy [Deprecated]: External accounts with write permissions should be removed from your subscription (5c607a2e-c700-4744-8254-d77e7c9eb5e4)
remove Policy [Deprecated]: Deprecated accounts with owner permissions should be removed from your subscription (ebb62a0c-3560-49e1-89ed-27e074e9f8ad)
2022-09-27 16:35:21 add Initiative c676748e-3af9-4e22-bc28-50feed564afb
JSON compare
compare mode: version left: version right:
JSON
api-version=2021-06-01
EPAC