Source | Azure Portal
Display name | Microsoft Managed Control 1311 - Identifier Management
Id | e7568697-0c9e-4ea3-9cec-9e567d14f3c6
Version | 1.0.0
Category | Regulatory Compliance
Description | Microsoft implements this Identification and Authentication control
Additional metadata |
Name/Id: ACF1311 / Microsoft Managed Control 1311
Category: Identification and Authentication
Title: Identifier Management - Required Authorization
Ownership: Customer, Microsoft
Description: The organization manages information system identifiers by: Receiving authorization from management/human resources for user identifiers, administrators for device identifiers to assign an individual, group, role, or device identifier;
Requirements: Microsoft implements the identifier management control through the effective use of the corporate network (CorpNet) AD-based user authorization procedures. Microsoft establishes unique identifiers for each user through unique user IDs, based on HR personnel ID numbers. These CorpNet identifiers, known as aliases, are distributed to all Microsoft personnel during the initial CorpNet account creation process. For personnel supporting Azure services, a user account within each Azure domain ties to the user's CorpNet account using his or her unique CorpNet alias. This alias is consistent across all of a user's accounts in all Microsoft domains, including Azure. CorpNet and Azure access are provisioned and managed using separate account management tools. Azure utilizes OneIdentity for both identifier and security group management. Azure utilizes the Global Management Environment (GME) and Azure Management Environment (AME) domains for access to the Azure environment. Each domain is specific to the environment. As an example, John Doe's alias is jdoe, with accounts jdoe@redmond.gbl for access to CorpNet and jdoe@ame.gbl for access to Azure Commercial. Device identifiers are authorized by service team users when adding new devices to the network, consistent with configuration management and inventory management procedures.
Mode | Indexed
Type | Static
Preview | False
Deprecated | False
Effect | Fixed audit
RBAC role(s) | none
Rule aliases | none
Rule resource types | IF (2): Microsoft.Resources/subscriptions, Microsoft.Resources/subscriptions/resourceGroups
Compliance | Not a Compliance control
Initiatives usage | none
History | none