| Source | Azure Portal | ||||||
| Display name | Microsoft Managed Control 1845 - Consent | Mechanisms Supporting Itemized or Tiered Consent | ||||||
| Id | 2e5cd188-7fa8-41fc-87ff-0ac7475ccb25 | ||||||
| Version | 1.0.0 Details on versioning |
||||||
| Versioning |
Versions supported for Versioning: 0 Built-in Versioning [Preview] |
||||||
| Category | Regulatory Compliance Microsoft Learn |
||||||
| Description | Microsoft implements this Individual Participation and Redress control | ||||||
| Additional metadata |
Name/Id: ACF1845 / Microsoft Managed Control 1845 Category: Individual Participation and Redress Title: Consent | Mechanisms Supporting Itemized or Tiered Consent Ownership: Customer, Microsoft Description: The organization implements mechanisms to support itemized or tiered consent for specific uses of data. Requirements: When creating a new Azure account, the customer must agree to the Microsoft Services Agreement and privacy and cookies statement. Microsoft utilizes privacy reviews to ensure potential privacy issues such as text that contradicts Azure’s privacy commitments, unapproved EULAs, or incorrect links to privacy statements do not arise. The reviews show that Microsoft validates information that is available to individuals is accurate, including information related to consent. PII is collected while signing up for services and subscriptions. During the sign-up process, Microsoft requires adherence to the Privacy Statement to inform the customer of what information Microsoft collects, and how it is utilized. Whenever Microsoft requires new uses for PII, additional consent is requested from the individual. When creating an account, Azure requires the customer to agree to the subscription agreement, offer details, privacy statement, and communications policy. This allows the customer to consent to information as defined in the privacy statement. Microsoft Azure continues to abide by the terms of the Privacy Shield framework but will no longer rely on it as a basis for the transfer of personal data from the EU/EEA to the United States. Instead, the company will rely on: - The Standard Contractual Clauses (also known as EU Model Clauses) as a lawful transfer mechanism for personal data from the EU and the European Economic Area. - An updated Microsoft Data Protection Addendum (DPA) for Online Services which reflects that transfers of personal data from the European Union, European Economic Area, Switzerland, and United Kingdom are now governed by the Standard Contractual Clauses (controller to processor) contained in Attachment 2 to the DPA. |
||||||
| Mode | Indexed | ||||||
| Type | Static | ||||||
| Preview | False | ||||||
| Deprecated | False | ||||||
| Effect | Fixed audit |
||||||
| RBAC role(s) | none | ||||||
| Rule aliases | none | ||||||
| Rule resource types | IF (2) Microsoft.Resources/subscriptions Microsoft.Resources/subscriptions/resourceGroups |
||||||
| Compliance | Not a Compliance control | ||||||
| Initiatives usage | none | ||||||
| History |
|
||||||
| JSON compare | n/a | ||||||
| JSON |
|