| Source | Azure Portal | ||||||||||||||||||||||
| Display name | Microsoft Managed Control 1363 - Incident Handling | Automated Incident Handling Processes | ||||||||||||||||||||||
| Id | ea3e8156-89a1-45b1-8bd6-938abc79fdfd | ||||||||||||||||||||||
| Version | 1.0.0 Details on versioning |
||||||||||||||||||||||
| Versioning |
Versions supported for Versioning: 0 Built-in Versioning [Preview] |
||||||||||||||||||||||
| Category | Regulatory Compliance Microsoft Learn |
||||||||||||||||||||||
| Description | Microsoft implements this Incident Response control | ||||||||||||||||||||||
| Additional metadata |
Name/Id: ACF1363 / Microsoft Managed Control 1363 Category: Incident Response Title: Incident Handling | Automated Incident Handling Processes Ownership: Customer, Microsoft Description: The organization employs automated mechanisms to support the incident handling process. Requirements: Azure employs automated mechanisms, including, but not limited to, service team-specific SharePoint and Microsoft Teams sites, Incident Management (IcM), and Service Now (SNow), the security ticket management system, to support the incident handling process such as alerts, notifications, error messages, or other automated warnings through the audit and accountability processes. Upon identification of an incident, service teams create IcM tickets for tracking purposes. The team primarily responsible for resolution takes ownership of the IcM ticket and may create a ticket in Azure DevOps for secondary tracking. These are technical solutions that are available to personnel twenty-four (24) hours a day, seven (7) days a week. Due to the sensitive nature of security incidents, a separate ticketing system, SNow, is employed by the Security Response Team to track and manage security cases. SNow is used in addition to IcM and other tools to provide least privilege and need-to-know implementations. If the incident is security related, the service team may transfer ownership of the IcM ticket, use the “Request Assistance” feature, or report via email to the Security Response Team twenty-four (24) hours a day, seven (7) days a week. |
||||||||||||||||||||||
| Mode | Indexed | ||||||||||||||||||||||
| Type | Static | ||||||||||||||||||||||
| Preview | False | ||||||||||||||||||||||
| Deprecated | False | ||||||||||||||||||||||
| Effect | Fixed audit |
||||||||||||||||||||||
| RBAC role(s) | none | ||||||||||||||||||||||
| Rule aliases | none | ||||||||||||||||||||||
| Rule resource types | IF (2) Microsoft.Resources/subscriptions Microsoft.Resources/subscriptions/resourceGroups |
||||||||||||||||||||||
| Compliance |
The following 1 compliance controls are associated with this Policy definition 'Microsoft Managed Control 1363 - Incident Handling | Automated Incident Handling Processes' (ea3e8156-89a1-45b1-8bd6-938abc79fdfd)
| ||||||||||||||||||||||
| Initiatives usage |
|
||||||||||||||||||||||
| History | none | ||||||||||||||||||||||
| JSON compare | n/a | ||||||||||||||||||||||
| JSON |
|