Source | Azure Portal | ||
Display name | Microsoft Managed Control 1627 - Boundary Protection | External Telecommunications Services | ||
Id | fd73310d-76fc-422d-bda4-3a077149f179 | ||
Version | 1.0.0 |
||
Versioning |
Versions supported for Versioning: 0 Built-in Versioning [Preview] |
||
Category | Regulatory Compliance |
||
Description | Microsoft implements this System and Communications Protection control | ||
Additional metadata |
Name/Id: ACF1627 / Microsoft Managed Control 1627
Category: System and Communications Protection
Title: Boundary Protection | External Telecommunications Services
Ownership: Microsoft
Description: The organization: Establishes a traffic flow policy for each managed interface;
Requirements: The Azure Networking team establishes routing policies and ACLs at the edge to only allow the export of 8075 public blocks to Azure's Border Gateway Protocol (BGP) peers. Edge Access Control Lists (ACLs) are applied inbound from all peering interfaces. The policy explicitly filters non-edge protocols such as SQL, RPC, 445, and 135-139 from entering the network from untrusted sources. Service teams running on top of the fabric customize the routing policies and ACLs necessary for their service. For instance, the Azure Portal needs to be externally accessible, but the JIT Portal does not. |
||
Mode | Indexed | ||
Type | Static | ||
Preview | False | ||
Deprecated | False | ||
Effect | Fixed audit |
||
RBAC role(s) | none | ||
Rule aliases | none | ||
Rule resource types | IF (2) Microsoft.Resources/subscriptions Microsoft.Resources/subscriptions/resourceGroups |
||
Compliance | Not a Compliance control | ||
Initiatives usage | none | ||
History | none | ||
JSON compare | n/a | ||