| Source | Azure Portal | ||
| Display name | Microsoft Managed Control 1498 - Rules Of Behavior | ||
| Id | 633988b9-cf2f-4323-8394-f0d2af9cd6e1 | ||
| Version | 1.0.0 Details on versioning |
||
| Versioning |
Versions supported for Versioning: 0 Built-in Versioning [Preview] |
||
| Category | Regulatory Compliance Microsoft Learn |
||
| Description | Microsoft implements this Planning control | ||
| Additional metadata |
Name/Id: ACF1498 / Microsoft Managed Control 1498 Category: Planning Title: Rules of Behavior - Usage: Responsibilities And Expected Behavior Ownership: Customer, Microsoft Description: The organization: Establishes and makes readily available to individuals requiring access to the information system, the rules that describe their responsibilities and expected behavior with regard to information and information system usage; Requirements: Microsoft establishes and makes readily available to all Microsoft personnel the Microsoft Acceptable Use Policy which describes Microsoft internal user responsibilities and outlines the Online Services specific acceptable usage standards of the Infrastructure & Services technology assets. The agreements are put in place to protect trade secrets, sensitive, or business confidential information and assets. Additionally, the Microsoft General Use Standard describes Microsoft user responsibilities and establishes expected behavior when using Azure and other Microsoft systems. All Microsoft personnel, including FTEs, vendors, and contingent staff are required to follow the rules of behavior, which are outlined in the Microsoft General Use Standard that describes user responsibilities and establishes expected behavior when using information systems. The Non-Disclosure Agreement (NDA), the new hire orientation process, and the Microsoft Security Policy include statements regarding information and asset protection responsibilities. They also describe the penalties for the violation of these responsibilities. Also communicated via training, Microsoft Services’ security responsibilities extend outside of the work site, beyond the standard operating hours of their employment, and these responsibilities continue for a defined period after employment ends. All Azure staff are required to sign Employee Agreements (EAs), as well as other paperwork acknowledging training provided in the new hire orientation process, as a condition for employment. All Azure staff must provide a signed confirmation indicating understanding and agreement of these expectations prior to gaining access to the Microsoft’s network. The annual fulfillment of the security foundations course is signed by all personnel and meets the requirements for the rules of behavior and access agreements. At the end of the Security Foundations course, the personnel must check a box acknowledging that they have access to the Microsoft Policy and will abide by those policies. All personnel also must take the Standard of Business Conduct training, which includes additional information on responsibilities. |
||
| Mode | Indexed | ||
| Type | Static | ||
| Preview | False | ||
| Deprecated | False | ||
| Effect | Fixed audit |
||
| RBAC role(s) | none | ||
| Rule aliases | none | ||
| Rule resource types | IF (2) Microsoft.Resources/subscriptions Microsoft.Resources/subscriptions/resourceGroups |
||
| Compliance | Not a Compliance control | ||
| Initiatives usage | none | ||
| History | none | ||
| JSON compare | n/a | ||
| JSON |
|