Source | Azure Portal | ||
Display name | Microsoft Managed Control 1212 - Configuration Settings | Automated Central Management / Application / Verification | ||
Id | 56d970ee-4efc-49c8-8a4e-5916940d784c | ||
Version | 1.0.0 |
||
Versioning |
Versions supported for Versioning: 0 Built-in Versioning [Preview] |
||
Category | Regulatory Compliance |
||
Description | Microsoft implements this Configuration Management control | ||
Additional metadata |
Name/Id: ACF1212 / Microsoft Managed Control 1212
Category: Configuration Management
Title: Configuration Settings | Automated Central Management / Application / Verification
Ownership: Customer, Microsoft
Description: The organization employs automated mechanisms to centrally manage, apply, and verify configuration settings for All information system components.
Requirements: Azure teams employ several tools to automatically manage, apply and verify configuration settings.
Servers
# IPAK
The services running on Bare Metal and Pilotfish servers, including, but not limited to, Jumpboxes, Active Directory, Azure DNS, and other service teams, run standard Windows Server. The configuration baseline image for these assets is provided by the Imaging Production (IPAK) Engineering Team. The IPAK tool automates the installation of a standard set of applications, security fixes, and performance enhancements on Azure servers by providing a predictable and secure configuration in alignment with the Azure server baselines. Configuration baselines are developed by C+AI Security and then integrated into the IPAK for application to Azure servers. The IPAK is fully automatable or can be run manually, either locally on a single server, or remotely against many servers. The deployment of an IPAK includes the ability to access the summary log and preview status before and after an IPAK is deployed. IPAK logs are collected and can be previewed within the log collector tool, located on the IPAK site. This tool centrally manages and allows querying of log data for IPAK deployments.
# RDOS
The RDOS team updates the server configuration baseline for Azure Host, Azure Native, and Azure Guest assets. The server base image is a version in which the kernel and many other core components have been modified to optimize them for the Azure environment. For service teams using Cloud Services, Windows server images are in the form of Virtual Hard Disks (VHDs) that are deployed as Guest VMs in the production environment. For Linux images, service teams use the Secure Base Image (SBI) that has been customized for secure configuration baselines relevant to Azure.
Network Devices
Config Policy Verifier (CPV) centrally monitors network device configurations, including verification, application, and management of configuration settings. Device configuration settings are compared against network device baselines in the form of Gold images to determine consistency across the environment. The Configuration Management process runs daily on all Azure network devices, verifying the device configuration against Azure Networking standard policies. The Summary report notes the number of failures and the number of devices tested. |
||
Mode | Indexed | ||
Type | Static | ||
Preview | False | ||
Deprecated | False | ||
Effect | Fixed audit |
||
RBAC role(s) | none | ||
Rule aliases | none | ||
Rule resource types | IF (2) Microsoft.Resources/subscriptions Microsoft.Resources/subscriptions/resourceGroups |
||
Compliance | Not a Compliance control | ||
Initiatives usage | none | ||
History | none | ||
JSON compare | n/a | ||