Source | Azure Portal | ||
Display name | Microsoft Managed Control 1631 - Boundary Protection | Deny By Default / Allow By Exception | ||
Id | 74ae9b8e-e7bb-4c9c-992f-c535282f7a2c | ||
Version | 1.0.0 |
||
Versioning |
Versions supported for Versioning: 0 Built-in Versioning [Preview] |
||
Category | Regulatory Compliance |
||
Description | Microsoft implements this System and Communications Protection control | ||
Additional metadata |
Name/Id: ACF1631 / Microsoft Managed Control 1631
Category: System and Communications Protection
Title: Boundary Protection | Deny By Default / Allow By Exception
Ownership: Customer, Microsoft
Description: The information system at managed interfaces denies network communications traffic by default and allows network communications traffic by exception (i.e., deny all, permit by exception).
Requirements: The overarching principle for a virtualized solution is to allow only connections and communications that are necessary for that virtualized solution to operate, blocking all other ports, protocols, and connections by default. Azure only allows connections and communication that are necessary to operate the system and only after being explicitly opened. Connections are managed at the system boundary using Azure Networking boundary protection devices. Connections within the boundary are managed using:
* IP Filtering
* Network Security Group (NSG) ACLs
* VFP Filtering (for virtual machines)
* Host-based firewalls
* Guest firewalls (for virtual machines) |
||
Mode | Indexed | ||
Type | Static | ||
Preview | False | ||
Deprecated | False | ||
Effect | Fixed audit |
||
RBAC role(s) | none | ||
Rule aliases | none | ||
Rule resource types | IF (2) Microsoft.Resources/subscriptions Microsoft.Resources/subscriptions/resourceGroups |
||
Compliance | Not a Compliance control | ||
Initiatives usage | none | ||
History | none | ||
JSON compare | n/a | ||