last sync: 2024-Nov-25 18:54:24 UTC

Microsoft Managed Control 1686 - Information System Monitoring | Regulatory Compliance - System and Information Integrity

Azure BuiltIn Policy definition

Source Azure Portal
Display name Microsoft Managed Control 1686 - Information System Monitoring
Id e17085c5-0be8-4423-b39b-a52d3d1402e5
Version 1.0.0
Versioning Versions supported for Versioning: 0
Category Regulatory Compliance
Description Microsoft implements this System and Information Integrity control
Additional metadata Name/Id: ACF1686 / Microsoft Managed Control 1686
Category: System and Information Integrity
Title: Information System Monitoring - Protection of Information Obtained from Monitoring Tools
Ownership: Customer, Microsoft
Description: The organization: Protects information obtained from intrusion-monitoring tools from unauthorized access, modification, and deletion;
Requirements: Only service team personnel for the specific asset within Azure have access to security logs on the local asset via the role-based access control (RBAC) implemented via OneIdentity. Azure implements protection of audit information using an authenticated and encrypted connection from the local asset of log generation to the centralized audit collection systems using the Geneva Monitoring Agent (MA). Access to the centralized audit collection systems and storage is restricted to the Security Engineering and Operations groups based on the standard access groups defined for Azure. Only authorized service team personnel are allowed access to the actual audit records, and their assigned rights prohibit them from modifying or deleting audit information. Even if a user is able to clear local asset log data after elevating permissions via an approved JIT request, the action of clearing the data is logged, and the cleared log data is present on Geneva Monitoring storage due to central ingestion. The following mechanisms are used to protect log information in transit and at rest:
* Logs on the local asset can only be accessed through direct login to the asset.
* The transfer of logs from the local asset to the service team and central storage accounts occurs over an HTTPS connection.
* Read-only access to logs in Geneva Monitoring storage for Azure users is enabled through the Geneva Monitoring front-end portal. The access is restricted through AD security groups which are managed through OneIdentity.
Mode Indexed
Type Static
Preview False
Deprecated False
Effect Fixed
audit
RBAC role(s) none
Rule aliases none
Rule resource types IF (2)
Microsoft.Resources/subscriptions
Microsoft.Resources/subscriptions/resourceGroups
Compliance Not a Compliance control
Initiatives usage none
History none