| Source | Azure Portal | ||
| Display name | Microsoft Managed Control 1203 - Access Restrictions For Change | Automated Access Enforcement / Auditing | ||
| Id | f9012d14-e3e6-4d7b-b926-9f37b5537066 | ||
| Version | 1.0.0 Details on versioning |
||
| Versioning |
Versions supported for Versioning: 0 Built-in Versioning [Preview] |
||
| Category | Regulatory Compliance Microsoft Learn |
||
| Description | Microsoft implements this Configuration Management control | ||
| Additional metadata |
Name/Id: ACF1203 / Microsoft Managed Control 1203 Category: Configuration Management Title: Access Restrictions For Change | Automated Access Enforcement / Auditing Ownership: Customer, Microsoft Description: The information system enforces access restrictions and supports auditing of the enforcement actions. Requirements: Servers and Services Service teams use Active Directory (AD) and JIT to control access to change functions. AD defines the access that is available, and JIT provides time-limited permission elevation when users need to use that access. AD and JIT are automated, and actions taken, including account creation, change, disabling, removal for AD and account elevation for JIT, are automatically audited. Network Devices Access restrictions are enforced via logical access security group restrictions. AD employs group membership, which requires security group owners to grant access to a given security group. AAA is integrated with a domain taxonomy of groups and users in AD. Both AD and AAA are supported via auditing mechanisms, which are captured via C+AI Security’s event collection environment. |
||
| Mode | Indexed | ||
| Type | Static | ||
| Preview | False | ||
| Deprecated | False | ||
| Effect | Fixed audit |
||
| RBAC role(s) | none | ||
| Rule aliases | none | ||
| Rule resource types | IF (2) Microsoft.Resources/subscriptions Microsoft.Resources/subscriptions/resourceGroups |
||
| Compliance | Not a Compliance control | ||
| Initiatives usage | none | ||
| History | none | ||
| JSON compare | n/a | ||
| JSON |
|