Source | Azure Portal | ||
Display name | Microsoft Managed Control 1449 - Physical Access Authorizations | ||
Id | f784d3b0-5f2b-49b7-b9f3-00ba8653ced5 | ||
Version | 1.0.0 | ||
Versioning | Versions supported for Versioning: 0 | ||
Category | Regulatory Compliance | ||
Description | Microsoft implements this Physical and Environmental Protection control | ||
Additional metadata |
Name/Id: ACF1449 / Microsoft Managed Control 1449
Category: Physical and Environmental Protection
Title: Physical Access Authorizations - Review Access List
Ownership: Microsoft
Description: The organization: Reviews the access list detailing authorized facility access by individuals Quarterly; and
Requirements: The physical security team and datacenter management team conduct a quarterly access review of the access control list to remove or update individual access as necessary. Terminations are handled immediately through the DCAT termination process. If termination of access to the datacenter is required, the DCM team provides the physical security team notification of the termination request. Once processed, the DCM team verifies access has been terminated in DCAT. Additionally, the DCAT system performs real-time comparisons of access authorization and automatically removes access when access tickets expire. A person with an expired access ticket is escorted back to the Security Operations Center to have their access renewed.
Azure Third-Party (Leased) Datacenters
The DCM of a leased datacenter is responsible for conducting the same access review as a fully-managed Azure datacenter. Instead of reviewing the access levels for the entire datacenter, the DCM requests the access list for the Microsoft areas from the datacenter's security team. The DCM is responsible for ensuring that both the landlord's access system and DCAT reflect the same data. The quarterly access review is conducted in the same manner as a fully-managed Azure datacenter.
DCAT requests are used at leased datacenters in a slightly different manner from a fully-managed Azure datacenter. The exception is that the approved DCAT request is emailed by the DCM team to the security team at the leased datacenter. The leased datacenter security team inputs the approved request into the leased datacenter's access tool.
Terminations are handled immediately through the DCAT termination process and communication to the leased datacenter's security team. | ||
Mode | Indexed | ||
Type | Static | ||
Preview | False | ||
Deprecated | False | ||
Effect | Fixed audit | ||
RBAC role(s) | none | ||
Rule aliases | none | ||
Rule resource types | IF (2): Microsoft.Resources/subscriptions, Microsoft.Resources/subscriptions/resourceGroups | ||
Compliance | Not a Compliance control | ||
Initiatives usage | none | ||
History | none | ||
JSON compare | n/a | ||