Source | Azure Portal | ||
Display name | Microsoft Managed Control 1342 - Authenticator Management | Hardware Token-Based Authentication | ||
Id | 283a4e29-69d5-4c94-b99e-29acf003c899 | ||
Version | 1.0.0 | ||
Versioning | Versions supported for Versioning: 0; Built-in Versioning [Preview] | ||
Category | Regulatory Compliance | ||
Description | Microsoft implements this Identification and Authentication control | ||
Additional metadata |
Name/Id: ACF1342 / Microsoft Managed Control 1342
Category: Identification and Authentication
Title: Authenticator Management | Hardware Token-Based Authentication
Ownership: Customer, Microsoft
Description: The information system, for hardware token-based authentication, employs mechanisms that satisfy eAuth Level 4 and FIPS 140-2 requirements.
Requirements: Azure uses multifactor authentication for network access by Azure personnel using eAuth Level 4 and FIPS 140-2 compliant Thales smart cards. Microsoft's corporate PKI has been established to provide a variety of digital certificate services to support operations for Azure and for the Microsoft corporation. The Microsoft corporate PKI functions as the Certificate Authority (CA) and Registration Authority (RA) and provides directory services to manage keys and certificates. The certificates are signed by an internal Microsoft CA and are validated against that CA's public key. Azure also checks certificates against certificate revocation lists. The Azure PKI Certificate Practice Statement (CPS) document governs PKI operations and sets forth the business, legal, and technical practices for approving, issuing, managing, using, revoking, and renewing digital certificates. PKI certificates are stored within smart cards, and authorized access to the corresponding private keys is enforced. Access to the certificate stored on the card is restricted by PIN requirements. The Azure PKI intermediate CA servers are members of only internally rooted PKI chains, permitting the issuance of certificates to users and computers within the Azure AD environments. Azure validates the certificates by constructing a certification path with status information to an accepted trust anchor. | ||
Mode | Indexed | ||
Type | Static | ||
Preview | False | ||
Deprecated | False | ||
Effect | Fixed audit | ||
RBAC role(s) | none | ||
Rule aliases | none | ||
Rule resource types | IF (2): Microsoft.Resources/subscriptions, Microsoft.Resources/subscriptions/resourceGroups | ||
Compliance | Not a Compliance control | ||
Initiatives usage | none | ||
History | none | ||
JSON compare | n/a | ||