| Source | Azure Portal | ||
| Display name | Microsoft Managed Control 1019 - Account Management | Role-Based Schemes | ||
| Id | 6a3ee9b2-3977-459c-b8ce-2db583abd9f7 | ||
| Version | 1.0.0 Details on versioning |
||
| Versioning |
Versions supported for Versioning: 0 Built-in Versioning [Preview] |
||
| Category | Regulatory Compliance Microsoft Learn |
||
| Description | Microsoft implements this Access Control control | ||
| Additional metadata |
Name/Id: ACF1019 / Microsoft Managed Control 1019 Category: Access Control Title: Account Management | Role-Based Schemes - Monitoring Privileged Accounts Ownership: Customer, Microsoft Description: The organization: Monitors privileged role assignments; and Requirements: Access requests to all AD security groups are tracked and managed through the automated workflow management of OneIdentityand MyAccess. These tools track the process of security group access request, approval, creation, modification, and deletion for Azure roles. All Azure production accounts are tracked and monitored using the automated account management tools including OneIdentity, MyAccess, and JIT, audit event collection and reporting, and administrative access audit reviews. Accounts are granted access to production system based on roles defined to limit the access to the systems and privileges needed for the administrator to complete their job. Azure tracks and monitors elevated role assignments through the access approval as needed for JIT, upon execution for emergency access accounts, and when requested as an exception to JIT and emergency access for persistent access. Azure also executes a quarterly review for all accounts, disabling those identified as unnecessary. |
||
| Mode | Indexed | ||
| Type | Static | ||
| Preview | False | ||
| Deprecated | False | ||
| Effect | Fixed audit |
||
| RBAC role(s) | none | ||
| Rule aliases | none | ||
| Rule resource types | IF (2) Microsoft.Resources/subscriptions Microsoft.Resources/subscriptions/resourceGroups |
||
| Compliance | Not a Compliance control | ||
| Initiatives usage | none | ||
| History | none | ||
| JSON compare | n/a | ||
| JSON |
|