| Source | Azure Portal | ||
| Display name | Microsoft Managed Control 1013 - Account Management | Automated System Account Management | ||
| Id | 8fd7b917-d83b-4379-af60-51e14e316c61 | ||
| Version | 1.0.0 Details on versioning |
||
| Versioning |
Versions supported for Versioning: 0 Built-in Versioning [Preview] |
||
| Category | Regulatory Compliance Microsoft Learn |
||
| Description | Microsoft implements this Access Control control | ||
| Additional metadata |
Name/Id: ACF1013 / Microsoft Managed Control 1013 Category: Access Control Title: Account Management | Automated System - Account Management Ownership: Customer, Microsoft Description: The organization employs automated mechanisms to support the management of information system accounts. Requirements: CorpNet and Azure access are provisioned and managed using separate account management tools. CorpNet account management, using MyAccess, cannot provide access to Azure – it can only provide access to AD security groups that the Azure account management tool, OneIdentity, leverages. All standard access requests and approvals are managed through OneIdentityand MyAccess, supporting Azureand CorpNet, respectively, which are automated workflow management tools that track the process for all account requests, approvals, creations, modifications, and deletions. Azure uses Just in Time (JIT) access for elevated access to Azure. Individuals request access for a specific, limited purpose. Upon approval, JIT grants temporary, audited membership to the local administrator group or elevated role (e.g. Subscription Owner, Contributor, etc.). The membership is automatically revoked after a limited duration defined by the JIT policy, and all access grants are securely audited. |
||
| Mode | Indexed | ||
| Type | Static | ||
| Preview | False | ||
| Deprecated | False | ||
| Effect | Fixed audit |
||
| RBAC role(s) | none | ||
| Rule aliases | none | ||
| Rule resource types | IF (2) Microsoft.Resources/subscriptions Microsoft.Resources/subscriptions/resourceGroups |
||
| Compliance | Not a Compliance control | ||
| Initiatives usage | none | ||
| History | none | ||
| JSON compare | n/a | ||
| JSON |
|