Source | Azure Portal
Display name | Microsoft Managed Control 1716 - Software & Information Integrity | Integration Of Detection And Response
Id | e54c325e-42a0-4dcf-b105-046e0f6f590f
Version | 1.0.1
Versioning | Versions supported for Versioning: 0 Built-in Versioning [Preview]
Category | Regulatory Compliance
Description | Microsoft implements this System and Information Integrity control
Additional metadata |
Name/Id: ACF1716 / Microsoft Managed Control 1716
Category: System and Information Integrity
Title: Software & Information Integrity | Integration Of Detection And Response
Ownership: Customer, Microsoft
Description: The organization incorporates the detection of unauthorized changes to operating system files, installation of software, and privilege elevation into the organizational incident response capability.
Requirements: Azure utilizes Azure Security Pack (AzSecPack) monitoring via Azure System Lockdown (AzSysLock) for unexpected running software, to alert on and in some cases block unsigned code from running in the environment. Unsigned code is defined as any software that is not signed per the appropriate signing certificates. AzSysLock sends alerts for service teams that are not properly using AppLocker and Code Integrity. Additionally, for services running with AzSysLock in enforcement mode, which is currently an opt-in feature of AzSecPack, the binary does not run if it is not signed. Alerts for running unsigned binaries are raised to service owners as a Severity 2 incident per Azure CEN. In addition, for servers, AzSecPack alerts on critical baseline changes. For network devices, the Config Policy Verifier (CPV) and Config Change Reporter (CCR) alert on any changes not tied to a work ticket.
Mode | Indexed
Type | Static
Preview | False
Deprecated | False
Effect | Fixed audit
RBAC role(s) | none
Rule aliases | none
Rule resource types | IF (2): Microsoft.Resources/subscriptions, Microsoft.Resources/subscriptions/resourceGroups
Compliance |
The following 2 compliance controls are associated with this Policy definition 'Microsoft Managed Control 1716 - Software & Information Integrity | Integration Of Detection And Response' (e54c325e-42a0-4dcf-b105-046e0f6f590f)