Source | Azure Portal
Display name | Microsoft Managed Control 1692 - Information System Monitoring | Inbound And Outbound Communications Traffic
Id | 7ecda928-9df4-4dd7-8f44-641a91e470e8
Version | 1.0.0
Versioning | Built-in Versioning [Preview]: 0 versions supported
Category | Regulatory Compliance
Description | Microsoft implements this System and Information Integrity control
Additional metadata |
  Name/Id: ACF1692 / Microsoft Managed Control 1692
  Category: System and Information Integrity
  Title: Information System Monitoring | Inbound And Outbound Communications Traffic
  Ownership: Customer, Microsoft
  Description: The information system monitors inbound and outbound communications traffic continually for unusual or unauthorized activities or conditions.
  Requirements: Azure monitors communications continually using the centralized monitoring, correlation, and analysis systems that manage the large volume of information generated by assets within the environment. In addition to the standard logging and monitoring of asset logs described in the AU family, Azure performs network monitoring and detection of unauthorized connections via Network Isolation (NetIso), which provides the Network Risk Management Service (NRMS) for network baseline measurement, management, and enforcement. NRMS assesses network security and raises alerts on internet-exposed endpoints through Incident Management (IcM), based on analysis patterns for configuration issues. Any process that begins offering an open network port is flagged and investigated if that port is not part of the approved baseline for the host, ensuring that unauthorized network services are detected and treated as an indicator of compromise.
  Azure filters network traffic to Azure subscriptions at the management group level. Any traffic not allowed by the relevant network baselines is blocked regardless of the Network Security Group (NSG) configuration within the subscription. Traffic is filtered at each level of the resource stack, so for network traffic to reach an asset it must be allowed by every level of security rules.
  Azure also has detections in place that alert on suspicious or malicious outbound network activity, including brute-force attacks, distributed denial of service, communication with known malicious IPs, and cryptocurrency mining.
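The per-host baseline check described in the Requirements above (a process that starts listening on a port outside the host's approved baseline is flagged for investigation) is easy to misjudge without seeing the comparison written out. The following is an added example for this page, not Microsoft's NetIso/NRMS code or anything from Azure: the BASELINE dictionary, the host name "web-01", and the `ss -ltnp`-style sample lines are all constructed for illustration. It parses a listening-socket snapshot and reports every listener the baseline does not account for, distinguishing an unapproved port from an approved port served by the wrong process, and handling the case where ss could not report the owning process.

```python
"""Baseline check for listening network services on a host.

Added example for this page, not Microsoft's NetIso/NRMS code: the approved
baseline, the host name "web-01" and the `ss -ltnp`-style sample lines are
all constructed for illustration.
"""
import re
from dataclasses import dataclass
from typing import Optional

# Approved baseline per host: (protocol, port) -> process names allowed to
# listen there. Constructed example data, not a real Azure network baseline.
BASELINE = {
    "web-01": {
        ("tcp", 22): {"sshd"},
        ("tcp", 443): {"nginx"},
    },
}

# One `ss -ltnp` line, e.g.
#   LISTEN 0 128 0.0.0.0:22 0.0.0.0:* users:(("sshd",pid=812,fd=3))
# The users:(...) part is optional: ss omits it when the caller lacks
# permission to see the owning process.
SS_LINE = re.compile(
    r"^LISTEN\s+\d+\s+\d+\s+(?P<addr>\S+):(?P<port>\d+)\s+\S+"
    r'(?:\s+users:\(\("(?P<proc>[^"]+)",pid=(?P<pid>\d+))?'
)


@dataclass(frozen=True)
class Listener:
    host: str
    proto: str
    port: int
    process: str          # "<unknown>" when ss could not report it
    pid: Optional[int]


def parse_ss(host: str, text: str, proto: str = "tcp") -> list[Listener]:
    """Turn `ss -ltnp` output for one host into Listener records."""
    listeners = []
    for line in text.splitlines():
        m = SS_LINE.match(line.strip())
        if not m:            # header line or non-LISTEN socket
            continue
        listeners.append(Listener(
            host=host,
            proto=proto,
            port=int(m["port"]),
            process=m["proc"] or "<unknown>",
            pid=int(m["pid"]) if m["pid"] else None,
        ))
    return listeners


def find_deviations(listeners: list[Listener], baseline: dict) -> list[tuple[Listener, str]]:
    """Return every listener the host's baseline does not account for.

    A listener deviates when its (proto, port) is not in the baseline at all,
    or when an approved port is served by a process other than the approved
    one(s). Either case is an indicator worth investigating.
    """
    deviations = []
    for lst in listeners:
        allowed = baseline.get(lst.host, {}).get((lst.proto, lst.port))
        if allowed is None:
            deviations.append((lst, "port not in approved baseline"))
        elif lst.process not in allowed:
            deviations.append((lst, f"unexpected process (approved: {sorted(allowed)})"))
    return deviations


def check_host(host: str, ss_output: str, baseline: dict = BASELINE):
    """Parse one host's ss output and return its baseline deviations."""
    return find_deviations(parse_ss(host, ss_output), baseline)


# Constructed sample: sshd is approved; 443 is approved but served by the
# wrong process; 4444 is not in the baseline; 8443 has no visible owner.
SAMPLE_SS = """\
State  Recv-Q Send-Q Local Address:Port Peer Address:Port Process
LISTEN 0      128    0.0.0.0:22        0.0.0.0:*         users:(("sshd",pid=812,fd=3))
LISTEN 0      511    0.0.0.0:443       0.0.0.0:*         users:(("python3",pid=9100,fd=5))
LISTEN 0      128    0.0.0.0:4444      0.0.0.0:*         users:(("nc",pid=9031,fd=3))
LISTEN 0      128    [::]:8443         [::]:*
"""

if __name__ == "__main__":
    for lst, reason in check_host("web-01", SAMPLE_SS):
        print(f"{lst.host} {lst.proto}/{lst.port} {lst.process} pid={lst.pid}: {reason}")
```

The baseline is keyed on (protocol, port) and stores the set of approved process names, so a known port taken over by a different binary is reported separately from a port that was never approved; a listener whose owner ss could not show is still reported, since an invisible owner is not an approved one.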
Mode | Indexed
Type | Static
Preview | False
Deprecated | False
Effect | Fixed: audit
RBAC role(s) | none
Rule aliases | none
Rule resource types | IF (2): Microsoft.Resources/subscriptions, Microsoft.Resources/subscriptions/resourceGroups
Compliance | Not a Compliance control
Initiatives usage | none
History | none