Source | Azure Portal | ||
Display name | Microsoft Managed Control 1036 - Least Privilege | Non-Privileged Access For Nonsecurity Functions | ||
Id | 9a16d673-8cf0-4dcf-b1d5-9b3e114fef71 | ||
Version | 1.0.0 |
||
Versioning |
Versions supported for Versioning: 0 Built-in Versioning [Preview] |
||
Category | Regulatory Compliance |
||
Description | Microsoft implements this Access Control control | ||
Additional metadata |
Name/Id: ACF1036 / Microsoft Managed Control 1036
Category: Access Control
Title: Least Privilege | Non-Privileged Access For Nonsecurity Functions
Ownership: Customer, Microsoft
Description: The organization requires that users of information system accounts, or roles, with access to all security functions, use non-privileged accounts or roles, when accessing nonsecurity functions.
Requirements: Azure personnel do not have persistent elevated access by default to the Azure production environment. Azure requires users to use their accounts for specific job functions that require the appropriate level of access needed. Elevated access is used only for those specified job functions required by the user's responsibilities; temporary elevated access is granted through JIT based on a valid business justification. Persistent elevated access in the form of emergency access accounts are not permitted to be used except for management and operation of the system. In addition, no unprivileged actions such as use of web browsers, email clients, etc., are allowed within the production environment. |
||
Mode | Indexed | ||
Type | Static | ||
Preview | False | ||
Deprecated | False | ||
Effect | Fixed audit |
||
RBAC role(s) | none | ||
Rule aliases | none | ||
Rule resource types | IF (2): Microsoft.Resources/subscriptions, Microsoft.Resources/subscriptions/resourceGroups |
||
Compliance | Not a Compliance control | ||
Initiatives usage | none | ||
History | none | ||
JSON compare | n/a | ||