Source | Azure Portal | ||
Display name | Microsoft Managed Control 1035 - Least Privilege | Authorize Access To Security Functions | ||
Id | ca94b046-45e2-444f-a862-dc8ce262a516 | ||
Version | 1.0.0 | ||
Versioning | Versions supported for Versioning: 0 Built-in Versioning [Preview] | ||
Category | Regulatory Compliance | ||
Description | Microsoft implements this Access Control control | ||
Additional metadata |
Name/Id: ACF1035 / Microsoft Managed Control 1035
Category: Access Control
Title: Least Privilege | Authorize Access To Security Functions
Ownership: Customer, Microsoft
Description: The organization explicitly authorizes access to all functions not publicly accessible and all security-relevant information not publicly available, including but not limited to: configuring access authorizations (i.e. permissions, privileges), authentication, setting events to be audited, and system and security administration access to log data.
Requirements: For all Azure assets, logical access is explicitly authorized. Azure requires explicit authorization before granting access to Azure, including but not limited to any of the following security functions: establishing system accounts; configuring access authorizations; authentication; setting events to be audited; and system and security administration access to log data. OneIdentity and MyAccess are used to document authorization to Azure resources based on structured business rules using designated and restricted security groups that prescribe which Azure components a user can access.
Mode | Indexed | ||
Type | Static | ||
Preview | False | ||
Deprecated | False | ||
Effect | Fixed audit | ||
RBAC role(s) | none | ||
Rule aliases | none | ||
Rule resource types | IF (2): Microsoft.Resources/subscriptions, Microsoft.Resources/subscriptions/resourceGroups | ||
Compliance | Not a Compliance control | ||
Initiatives usage | none | ||
History | none | ||
JSON compare | n/a | ||