Source | Azure Portal | ||
Display name | Microsoft Managed Control 1660 - Session Authenticity | ||
Id | 63096613-ce83-43e5-96f4-e588e8813554 | ||
Version | 1.0.0 |
||
Versioning |
Versions supported for Versioning: 0 Built-in Versioning [Preview] |
||
Category | Regulatory Compliance |
||
Description | Microsoft implements this System and Communications Protection control | ||
Additional metadata |
Name/Id: ACF1660 / Microsoft Managed Control 1660
Category: System and Communications Protection
Title: Session Authenticity
Ownership: Customer, Microsoft
Description: The information system protects the authenticity of communications sessions.
Requirements: Azure uses digital certificates to establish the identity of Jumpboxes, Debug servers, and Network Hop Boxes as the access points to the Azure environment. Digital certificates are used in public key cryptography (PKI) to establish the identity of assets for purposes of authentication. This also supports encrypted connections using TLS, which is resistant to man-in-the-middle attacks. All communications between Azure internal components that transfer confidential information are protected using TLS. In most cases, SSL certificates are self-signed, and their fingerprints are distributed over the same channels as the IP addresses. Exceptions are for any certificates for connections that could be accessed from outside the Azure network, including the storage service, and for the Fabric Controllers (FCs). FCs have certificates issued by a Microsoft Certificate Authority (CA) that chains back to a trusted root CA. |
||
Mode | Indexed | ||
Type | Static | ||
Preview | False | ||
Deprecated | False | ||
Effect | Fixed audit |
||
RBAC role(s) | none | ||
Rule aliases | none | ||
Rule resource types | IF (2) Microsoft.Resources/subscriptions Microsoft.Resources/subscriptions/resourceGroups |
||
Compliance | Not a Compliance control | ||
Initiatives usage | none | ||
History | none | ||
JSON compare | n/a | ||