| Source | Azure Portal | ||
| Display name | Microsoft Managed Control 1020 - Account Management | Role-Based Schemes | ||
| Id | 0b291ee8-3140-4cad-beb7-568c077c78ce | ||
| Version | 1.0.0 Details on versioning |
||
| Versioning |
Versions supported for Versioning: 0 Built-in Versioning [Preview] |
||
| Category | Regulatory Compliance Microsoft Learn |
||
| Description | Microsoft implements this Access Control control | ||
| Additional metadata |
Name/Id: ACF1020 / Microsoft Managed Control 1020 Category: Access Control Title: Account Management | Role-Based Schemes - Privileged Role Expiration Ownership: Customer, Microsoft Description: The organization: Takes actions to terminate the account or remove it from relevant security groups immediately when privileged role assignments are no longer appropriate. Requirements: Elevated role assignments are no longer appropriate when Azure personnel either no longer need the administrative access to accomplish their task, their allotted JIT time expires, or the personnel are transferred or terminated. In those cases, Azure follows the account management processes to terminate the account or revoke access. |
||
| Mode | Indexed | ||
| Type | Static | ||
| Preview | False | ||
| Deprecated | False | ||
| Effect | Fixed audit |
||
| RBAC role(s) | none | ||
| Rule aliases | none | ||
| Rule resource types | IF (2) Microsoft.Resources/subscriptions Microsoft.Resources/subscriptions/resourceGroups |
||
| Compliance | Not a Compliance control | ||
| Initiatives usage | none | ||
| History | none | ||
| JSON compare | n/a | ||
| JSON |
|