Source | Azure Portal | ||
Display name | Microsoft Managed Control 1642 - Network Disconnect | ||
Id | 53397227-5ee3-4b23-9e5e-c8a767ce6928 | ||
Version | 1.0.0 |
||
Versioning |
Versions supported for Versioning: 0 Built-in Versioning [Preview] |
||
Category | Regulatory Compliance |
||
Description | Microsoft implements this System and Communications Protection control | ||
Additional metadata |
Name/Id: ACF1642 / Microsoft Managed Control 1642
Category: System and Communications Protection
Title: Network Disconnect
Ownership: Customer, Microsoft
Description: The information system terminates the network connection associated with a communications session at the end of the session or after 360 minutes of inactivity.
Requirements: Azure Secure Admin Workstations (SAWs) require reauthentication after at most ten (10) minutes of user inactivity. These are the only method of access to the environment. The SAW VPN terminates inactive sessions after three hundred sixty (360) minutes of inactivity, and the non-SAW VPN terminates inactive sessions after sixty (60) minutes of inactivity. The logical access process to Azure resources is controlled using Remote Desktop Protocol (RDP), Secure Shell (SSH) and the SSL VPN. Non-interactive sessions are not permitted through Azure.
Servers: RDP and SSH idle timeout inherit the settings of the target server. Azure servers are configured to terminate idle sessions after one (1) hour of inactivity and one (1) day to end a disconnected session for RDP, and (15) minutes of inactivity for SSH.
Network Devices: SSH idle timeout inherits the settings of the target network device. Azure network devices are configured to terminate inactive sessions after sixty (60) minutes. Azure implements user sessions that terminate after sixty (60) minutes of inactivity on the Pulse VPN. The risks associated with a sixty (60) minute disconnect are mitigated through using multifactor authentication (MFA) with FIPS 140-2 level 3 validated smart card tokens for all in-band management and by logging security events related to account activity. |
||
Mode | Indexed | ||
Type | Static | ||
Preview | False | ||
Deprecated | False | ||
Effect | Fixed audit |
||
RBAC role(s) | none | ||
Rule aliases | none | ||
Rule resource types | IF (2): Microsoft.Resources/subscriptions, Microsoft.Resources/subscriptions/resourceGroups |
||
Compliance | Not a Compliance control | ||
Initiatives usage | none | ||
History | none | ||
JSON compare | n/a | ||