Source | Azure Portal | ||
Display name | Microsoft Managed Control 1632 - Boundary Protection | Prevent Split Tunneling For Remote Devices | ||
Id | 4ce9073a-77fa-48f0-96b1-87aa8e6091c2 | ||
Version | 1.0.0 |
||
Versioning |
Versions supported for Versioning: 0 Built-in Versioning [Preview] |
||
Category | Regulatory Compliance |
||
Description | Microsoft implements this System and Communications Protection control | ||
Additional metadata |
Name/Id: ACF1632 / Microsoft Managed Control 1632
Category: System and Communications Protection
Title: Boundary Protection | Prevent Split Tunneling For Remote Devices
Ownership: Customer, Microsoft
Description: The information system, in conjunction with a remote device, prevents the device from simultaneously establishing non-remote connections with the system and communicating via some other connection to resources in external networks.
Requirements: Azure sessions do not permit split tunneling. Azure utilizes an L4 VPN which does not allow split tunneling – this feature only works with L3 VPNs. All connections are made over FIPS 140-2 TLS encrypted connections and authenticated using multifactor authentication (MFA). Azure does not permit remote devices to establish non-remote connections (such as VPNs) with the Azure environment. In order to access the Azure environment, a user must authenticate with their Azure domain credentials either through an Azure Remote Desktop Gateway boundary device via the Microsoft remote desktop connection client (internet accessible) or through a connection (not internet accessible). |
||
Mode | Indexed | ||
Type | Static | ||
Preview | False | ||
Deprecated | False | ||
Effect | Fixed audit |
||
RBAC role(s) | none | ||
Rule aliases | none | ||
Rule resource types | IF (2): Microsoft.Resources/subscriptions, Microsoft.Resources/subscriptions/resourceGroups |
||
Compliance | Not a Compliance control | ||
Initiatives usage | none | ||
History | none | ||
JSON compare | n/a | ||