last sync: 2024-Nov-25 18:54:24 UTC

Microsoft Managed Control 1694 - Information System Monitoring | Analyze Communications Traffic Anomalies | Regulatory Compliance - System and Information Integrity

Azure BuiltIn Policy definition

Source Azure Portal
Display name Microsoft Managed Control 1694 - Information System Monitoring | Analyze Communications Traffic Anomalies
Id 426c4ac9-ff17-49d0-acd7-a13c157081c0
Version 1.0.0
Details on versioning
Versioning Versions supported for Versioning: 0
Built-in Versioning [Preview]
Category Regulatory Compliance
Microsoft Learn
Description Microsoft implements this System and Information Integrity control
Additional metadata Name/Id: ACF1694 / Microsoft Managed Control 1694
Category: System and Information Integrity
Title: Information System Monitoring | Analyze Communications Traffic Anomalies
Ownership: Customer, Microsoft
Description: The organization doesn't analyzes outbound communications traffic at the external boundary of the information system and selected interior points within the system (e.g., subnetworks, subsystems) to discover anomalies as this is the responsibility of the customer. This control is not applicable in the organization.
Requirements: For Azure services, onboarding to Azure Security Pack enables monitoring of network communication correlated with network logs and in-memory lateral movement during post exploitation for all deployment types via Process Investigation, which is available externally via Azure Security Center via Fileless Attack detections, and via the Network Risk Management (NRM) Service. The NRM service assesses the resultant set of open ports and protocols based on data provided by the VM agent. Additionally, for VMs hosted on Azure, the Network Security Group (NSG) settings are considered and the resultant set of the settings is calculated. Additionally, for the assets running in Bare Metal, Azure assesses the Surface Area Manager configuration settings. For Linux VMs hosted in Azure, Azure uses the NSG settings to validate that the configuration meets the network baseline requirements. For all deployment types, if there is a network baseline violation that exposes a management port to the internet, an alert is generated and routed to the service team. For internal service teams, Azure implements monitoring and alerting for unusual behavior of key security features including, but not limited to, if a user accesses an asset without using Azure Just In Time (JIT) access, if a dSTS account has an unusual access pattern, if the Geneva Actions have unusual activity, if the Azure Fabric is accessed without using Azure JIT, or if a service owner has unexpected changes to permissions in the service team subscription. Additionally, internal services regardless of deployment type monitor their own network connections for unexpected network activities at the application layer. However, to protect customer end user identifiable information, Azure does not monitor the customer traffic in the security monitoring solutions.
Mode Indexed
Type Static
Preview False
Deprecated False
Effect Fixed
audit
RBAC role(s) none
Rule aliases none
Rule resource types IF (2)
Microsoft.Resources/subscriptions
Microsoft.Resources/subscriptions/resourceGroups
Compliance Not a Compliance control
Initiatives usage none
History none
JSON compare n/a
JSON
api-version=2021-06-01
EPAC