| Source | Azure Portal | ||
| Display name | Microsoft Managed Control 1022 - Account Management | Shared / Group Account Credential Termination | ||
| Id | 411f7e2d-9a0b-4627-a0b9-1700432db47d | ||
| Version | 1.0.0 Details on versioning |
||
| Versioning |
Versions supported for Versioning: 0 Built-in Versioning [Preview] |
||
| Category | Regulatory Compliance Microsoft Learn |
||
| Description | Microsoft implements this Access Control control | ||
| Additional metadata |
Name/Id: ACF1022 / Microsoft Managed Control 1022 Category: Access Control Title: Account Management | Shared / Group Account Credential Termination Ownership: Customer, Microsoft Description: The information system terminates shared/group account credentials when members leave the group. Requirements: Group or shared accounts are not utilized within Azure unless necessary, such as where the local account or accounts cannot be deleted or disabled, or is necessary for emergency access. For accounts tracked as approved exceptions, the credentials for these accounts are stored in an approved secret management store, which tracks and monitors access to secrets and ensures group or shared account usage is uniquely attributable to the user accessing it by associated the secret store logs with the group or shared account usage. When a user accesses the credentials in the secret management store, that user is identified uniquely, ensuring non-repudiation and attributing user activity to the shared account. |
||
| Mode | Indexed | ||
| Type | Static | ||
| Preview | False | ||
| Deprecated | False | ||
| Effect | Fixed audit |
||
| RBAC role(s) | none | ||
| Rule aliases | none | ||
| Rule resource types | IF (2) Microsoft.Resources/subscriptions Microsoft.Resources/subscriptions/resourceGroups |
||
| Compliance | Not a Compliance control | ||
| Initiatives usage | none | ||
| History | none | ||
| JSON compare | n/a | ||
| JSON |
|