| Source | Azure Portal | ||
| Display name | Microsoft Managed Control 1016 - Account Management | Automated Audit Actions | ||
| Id | d8b43277-512e-40c3-ab00-14b3b6e72238 | ||
| Version | 1.0.0 Details on versioning |
||
| Versioning |
Versions supported for Versioning: 0 Built-in Versioning [Preview] |
||
| Category | Regulatory Compliance Microsoft Learn |
||
| Description | Microsoft implements this Access Control control | ||
| Additional metadata |
Name/Id: ACF1016 / Microsoft Managed Control 1016 Category: Access Control Title: Account Management | Automated Audit Actions Ownership: Customer, Microsoft Description: The information system automatically audits account creation, modification, enabling, disabling, and removal actions, and notifies C+AI Security Operations Center (SOC) team and user’s account manager. Requirements: OneIdentity, which is used to manage all Azure domain accounts, automatically logs account creation, modification, and disablement actions which are ingested into Geneva Monitoring. Servers Azure performs auditing of elevated user accounts at the asset layer through Geneva Monitoring. The servers provide a record of account creation, modification, disabling, and termination of accounts, which notifies the Security Response Team for any suspicious activities. Network Devices Network device access is audited via logs from the Authentication, Authorization, and Accounting (AAA) system. The AAA logs AAA Administration, which includes account creation, modification, and disablement. |
||
| Mode | Indexed | ||
| Type | Static | ||
| Preview | False | ||
| Deprecated | False | ||
| Effect | Fixed audit |
||
| RBAC role(s) | none | ||
| Rule aliases | none | ||
| Rule resource types | IF (2) Microsoft.Resources/subscriptions Microsoft.Resources/subscriptions/resourceGroups |
||
| Compliance | Not a Compliance control | ||
| Initiatives usage | none | ||
| History | none | ||
| JSON compare | n/a | ||
| JSON |
|