Source | Azure Portal | ||
Display name | Microsoft Managed Control 1050 - Concurrent Session Control | ||
Id | bd20184c-b4ec-4ce5-8db6-6e86352d183f | ||
Version | 1.0.0 |
||
Versioning |
Versions supported for Versioning: 0 Built-in Versioning [Preview] |
||
Category | Regulatory Compliance |
||
Description | Microsoft implements this Access Control control | ||
Additional metadata |
Name/Id: ACF1050 / Microsoft Managed Control 1050
Category: Access Control
Title: Concurrent Session Control
Ownership: Customer, Microsoft
Description: The information system doesn't limit the number of concurrent sessions for all accounts.
Requirements:
Servers: Azure does not currently limit the number of concurrent sessions to production operating systems. However, users can only log in via Remote Desktop Protocol (RDP) once with their credentials. This limits sessions to one session per host, per user. Additionally, the following compensating access control measures are in place: multifactor authentication is required for all access to Azure systems for Azure personnel; account lockout is enforced for invalid login attempts at the smart card level; access to administrative interfaces is limited to approved access through role-based access control, ensuring that the risk of exploit by anyone other than specifically designated personnel is low to non-existent. Conversely, prohibiting concurrent sessions would hinder Azure administration and maintenance. Azure requires specialized, non-public software tools and utilities. These create dedicated sessions directly associated with the tool. Trouble investigation, such as running diagnostics, requires multiple instances of these tools, often for extended periods.
Network Devices: Accessing network devices in the Azure environment requires users to establish a connection to the Azure Network Hop Boxes or to connect to the VPN before connecting to the Azure environment. When establishing a connection to a network device, a user must authenticate with a physical Azure-issued smart card before establishing a session to an Azure domain server. The multifactor authentication provided by the physical smart card and PIN combination requirement provides additional security when access to network devices is attempted.
Concurrent sessions are implemented at the Azure Network Hop Boxes or the VPN connection for the network devices, rather than at the individual device layer.
Software: Service team web applications enforce a limit of one session per browser cookie for all customer user sessions. |
||
Mode | Indexed | ||
Type | Static | ||
Preview | False | ||
Deprecated | False | ||
Effect | Fixed audit |
||
RBAC role(s) | none | ||
Rule aliases | none | ||
Rule resource types | IF (2): Microsoft.Resources/subscriptions, Microsoft.Resources/subscriptions/resourceGroups |
||
Compliance | Not a Compliance control | ||
Initiatives usage | none | ||
History | none | ||
JSON compare | n/a | ||