| Source | Azure Portal | ||
| Display name | Microsoft Managed Control 1326 - Authenticator Management | ||
| Id | 8605fc00-1bf5-4fb3-984e-c95cec4f231d | ||
| Version | 1.0.0 Details on versioning |
||
| Versioning |
Versions supported for Versioning: 0 Built-in Versioning [Preview] |
||
| Category | Regulatory Compliance Microsoft Learn |
||
| Description | Microsoft implements this Identification and Authentication control | ||
| Additional metadata |
Name/Id: ACF1326 / Microsoft Managed Control 1326 Category: Identification and Authentication Title: Authenticator Management - Group Accounts Authenticator Update Policy Ownership: Customer, Microsoft Description: The organization manages information system authenticators by: Changing authenticators for group/role accounts when membership to those accounts changes. Requirements: Group or shared accounts are not utilized within Azure unless necessary, such as where the local account or accounts cannot be deleted or disabled, or is necessary for emergency access. For accounts tracked as approved exceptions, the credentials for these accounts are stored in an approved secret management store, which tracks and monitors access to secrets and ensures group or shared account usage is uniquely attributable to the user accessing it by associated the secret store logs with the group or shared account usage. When a user accesses the credentials in the secret management store, that user is identified uniquely, ensuring non-repudiation and attributing user activity to the shared account. The approved secret management store enforces rotation of group account credentials every 70 days. Group account credentials are also rotated as needed when group membership changes. |
||
| Mode | Indexed | ||
| Type | Static | ||
| Preview | False | ||
| Deprecated | False | ||
| Effect | Fixed audit |
||
| RBAC role(s) | none | ||
| Rule aliases | none | ||
| Rule resource types | IF (2) Microsoft.Resources/subscriptions Microsoft.Resources/subscriptions/resourceGroups |
||
| Compliance | Not a Compliance control | ||
| Initiatives usage | none | ||
| History | none | ||
| JSON compare | n/a | ||
| JSON |
|