| Source | Azure Portal | ||
| Display name | Microsoft Managed Control 1057 - Permitted Actions Without Identification Or Authentication | ||
| Id | 78255758-6d45-4bf0-a005-7016bc03b13c | ||
| Version | 1.0.0 Details on versioning |
||
| Versioning |
Versions supported for Versioning: 0 Built-in Versioning [Preview] |
||
| Category | Regulatory Compliance Microsoft Learn |
||
| Description | Microsoft implements this Access Control control | ||
| Additional metadata |
Name/Id: ACF1057 / Microsoft Managed Control 1057 Category: Access Control Title: Permitted Actions Without Identification or Authentication - Identification of Actions Ownership: Customer, Microsoft Description: The organization: Identifies user actions is not applicable for employees and contractors, only the login page and limited public information is accessible for external users without authentication that can be performed on the information system without identification or authentication consistent with organizational missions/business functions; and Requirements: The only actions permitted by Azure to be performed without identification and authentication are accessing the public Feature Descriptions, Developer Documents, Legal, Privacy Statement, Help, and Language Preference options on the customer facing welcome page. On the welcome page the user enters his or her email address, at which point Active Directory Federation Services (ADFS) refers the user back to the customer-controlled federated authentication portal. Service teams also make aspects of their services consumable as needed. For instance, Azure Active Directory (AAD) DNS responds to unauthenticated DNS queries by design, as this is required to be compliant with the DNS specification and to ensure customers can successfully resolve AAD URLs. |
||
| Mode | Indexed | ||
| Type | Static | ||
| Preview | False | ||
| Deprecated | False | ||
| Effect | Fixed audit |
||
| RBAC role(s) | none | ||
| Rule aliases | none | ||
| Rule resource types | IF (2) Microsoft.Resources/subscriptions Microsoft.Resources/subscriptions/resourceGroups |
||
| Compliance | Not a Compliance control | ||
| Initiatives usage | none | ||
| History | none | ||
| JSON compare | n/a | ||
| JSON |
|