| Source | Azure Portal | ||||||||||||||||||||||
| Display name | Microsoft Managed Control 1026 - Account Management | Disable Accounts For High-Risk Individuals | ||||||||||||||||||||||
| Id | 55419419-c597-4cd4-b51e-009fd2266783 | ||||||||||||||||||||||
| Version | 1.0.0 Details on versioning |
||||||||||||||||||||||
| Versioning |
Versions supported for Versioning: 0 Built-in Versioning [Preview] |
||||||||||||||||||||||
| Category | Regulatory Compliance Microsoft Learn |
||||||||||||||||||||||
| Description | Microsoft implements this Access Control control | ||||||||||||||||||||||
| Additional metadata |
Name/Id: ACF1026 / Microsoft Managed Control 1026 Category: Access Control Title: Account Management | Disable Accounts For High-Risk Individuals Ownership: Customer, Microsoft Description: The organization disables accounts of users posing a significant risk within one (1) hour of discovery of the risk. Requirements: Active monitoring tools include the Geneva Monitoring Agent (MA), System Center Operations Manager (SCOM), and Kusto. Audit records for each Azure service are captured by the MA and retained in Azure Storage. The MA aggregates monitoring information for review. SCOM provides file integrity validation and protection, as well as the recovery of core system files if any unauthorized changes are detected. Kusto consolidates all available logs. These tools are configured to provide near-real-time alerts to service team or Security Response Team personnel in situations that require immediate action. Microsoft documents the indications of compromise or potential compromise in the Incident Management SOP. Azure follows normal incident reporting procedures if atypical usage is detected. Per the new hire orientation process, users that are discovered to pose a significant risk to Microsoft are terminated and their access is revoked from Microsoft networks, including Azure. For involuntary terminations, an urgent request for access termination is submitted via email from HR and access is disabled within four (4) hours. |
||||||||||||||||||||||
| Mode | Indexed | ||||||||||||||||||||||
| Type | Static | ||||||||||||||||||||||
| Preview | False | ||||||||||||||||||||||
| Deprecated | False | ||||||||||||||||||||||
| Effect | Fixed audit |
||||||||||||||||||||||
| RBAC role(s) | none | ||||||||||||||||||||||
| Rule aliases | none | ||||||||||||||||||||||
| Rule resource types | IF (2) Microsoft.Resources/subscriptions Microsoft.Resources/subscriptions/resourceGroups |
||||||||||||||||||||||
| Compliance |
The following 1 compliance controls are associated with this Policy definition 'Microsoft Managed Control 1026 - Account Management | Disable Accounts For High-Risk Individuals' (55419419-c597-4cd4-b51e-009fd2266783)
| ||||||||||||||||||||||
| Initiatives usage |
|
||||||||||||||||||||||
| History | none | ||||||||||||||||||||||
| JSON compare | n/a | ||||||||||||||||||||||
| JSON |
|