last sync: 2024-Nov-25 18:54:24 UTC

Microsoft Managed Control 1845 - Consent | Mechanisms Supporting Itemized or Tiered Consent | Regulatory Compliance - Individual Participation and Redress

Azure BuiltIn Policy definition

Source Azure Portal
Display name Microsoft Managed Control 1845 - Consent | Mechanisms Supporting Itemized or Tiered Consent
Id 2e5cd188-7fa8-41fc-87ff-0ac7475ccb25
Version 1.0.0
Details on versioning
Versioning Versions supported for Versioning: 0
Built-in Versioning [Preview]
Category Regulatory Compliance
Microsoft Learn
Description Microsoft implements this Individual Participation and Redress control
Additional metadata Name/Id: ACF1845 / Microsoft Managed Control 1845
Category: Individual Participation and Redress
Title: Consent | Mechanisms Supporting Itemized or Tiered Consent
Ownership: Customer, Microsoft
Description: The organization implements mechanisms to support itemized or tiered consent for specific uses of data.
Requirements: When creating a new Azure account, the customer must agree to the Microsoft Services Agreement and privacy and cookies statement. Microsoft utilizes privacy reviews to ensure potential privacy issues such as text that contradicts Azure’s privacy commitments, unapproved EULAs, or incorrect links to privacy statements do not arise. The reviews show that Microsoft validates information that is available to individuals is accurate, including information related to consent. PII is collected while signing up for services and subscriptions. During the sign-up process, Microsoft requires adherence to the Privacy Statement to inform the customer of what information Microsoft collects, and how it is utilized. Whenever Microsoft requires new uses for PII, additional consent is requested from the individual. When creating an account, Azure requires the customer to agree to the subscription agreement, offer details, privacy statement, and communications policy. This allows the customer to consent to information as defined in the privacy statement. Microsoft Azure continues to abide by the terms of the Privacy Shield framework but will no longer rely on it as a basis for the transfer of personal data from the EU/EEA to the United States. Instead, the company will rely on: - The Standard Contractual Clauses (also known as EU Model Clauses) as a lawful transfer mechanism for personal data from the EU and the European Economic Area. - An updated Microsoft Data Protection Addendum (DPA) for Online Services which reflects that transfers of personal data from the European Union, European Economic Area, Switzerland, and United Kingdom are now governed by the Standard Contractual Clauses (controller to processor) contained in Attachment 2 to the DPA.
Mode Indexed
Type Static
Preview False
Deprecated False
Effect Fixed
audit
RBAC role(s) none
Rule aliases none
Rule resource types IF (2)
Microsoft.Resources/subscriptions
Microsoft.Resources/subscriptions/resourceGroups
Compliance Not a Compliance control
Initiatives usage none
History
Date/Time (UTC ymd) (i) Change type Change detail
2022-04-01 20:29:14 add 2e5cd188-7fa8-41fc-87ff-0ac7475ccb25
JSON compare n/a
JSON
api-version=2021-06-01
EPAC