| Source | Azure Portal | ||
| Display name | Microsoft Managed Control 1448 - Physical Access Authorizations | ||
| Id | 825d6494-e583-42f2-a3f2-6458e6f0004f | ||
| Version | 1.0.0 Details on versioning |
||
| Versioning |
Versions supported for Versioning: 0 Built-in Versioning [Preview] |
||
| Category | Regulatory Compliance Microsoft Learn |
||
| Description | Microsoft implements this Physical and Environmental Protection control | ||
| Additional metadata |
Name/Id: ACF1448 / Microsoft Managed Control 1448 Category: Physical and Environmental Protection Title: Physical Access Authorizations - Issuing Credentials Ownership: Microsoft Description: The organization: Issues authorization credentials for facility access; Requirements: DCAT is the authoritative source listing all personnel with authorized access to a specific datacenter. DCAT is linked with the datacenter’s physical security access control devices and authorizes access based on access levels that are approved by the DCM team. Access levels are assigned in DCAT to either a user’s Microsoft issued badge or a temporary access badge that is assigned at the datacenter by the Control Room Supervisor (CRS). Access levels are approved by the DCM team. Besides credentials assigned to physical badges, some areas of datacenter require two- factor authentication employing the user’s biometric data (hand geometry or fingerprint) as well as badge authentication to gain authorized entry. Azure Third-Party (Leased) Datacenters At a leased datacenter, DCAT is still considered the authoritative source for access to Microsoft areas within the datacenter. All access request approvals are first processed in DCAT and then emailed to the leased datacenter's security team. The leased datacenter's security team only authorizes access to Microsoft areas to individuals with an approved DCAT request. Besides credentials assigned to physical badges, some areas of datacenter require two- factor authentication employing the user’s biometric data (hand geometry or fingerprint) as well as badge authentication to gain authorized entry. |
||
| Mode | Indexed | ||
| Type | Static | ||
| Preview | False | ||
| Deprecated | False | ||
| Effect | Fixed audit |
||
| RBAC role(s) | none | ||
| Rule aliases | none | ||
| Rule resource types | IF (2) Microsoft.Resources/subscriptions Microsoft.Resources/subscriptions/resourceGroups |
||
| Compliance | Not a Compliance control | ||
| Initiatives usage | none | ||
| History | none | ||
| JSON compare | n/a | ||
| JSON |
|