| Source | Azure Portal | ||||||||||||||||||||||
| Display name | Microsoft Managed Control 1317 - Authenticator Management | ||||||||||||||||||||||
| Id | 8877f519-c166-47b7-81b7-8a8eb4ff3775 | ||||||||||||||||||||||
| Version | 1.0.0 Details on versioning |
||||||||||||||||||||||
| Versioning |
Versions supported for Versioning: 0 Built-in Versioning [Preview] |
||||||||||||||||||||||
| Category | Regulatory Compliance Microsoft Learn |
||||||||||||||||||||||
| Description | Microsoft implements this Identification and Authentication control | ||||||||||||||||||||||
| Cloud environments | AzureCloud = true AzureUSGovernment = true AzureChinaCloud = unknown |
||||||||||||||||||||||
| Available in AzUSGov | The Policy is available in AzureUSGovernment cloud. Version: '1.0.0' Repository: Azure-Policy 8877f519-c166-47b7-81b7-8a8eb4ff3775 |
||||||||||||||||||||||
| Additional metadata |
Name/Id: ACF1317 / Microsoft Managed Control 1317 Category: Identification and Authentication Title: Authenticator Management - Identity Verification Ownership: Customer, Microsoft Description: The organization manages information system authenticators by: Verifying, as part of the initial authenticator distribution, the identity of the individual, group, role, or device receiving the authenticator; Requirements: For personnel supporting Azure services, user accounts within Azure domains tie to accounts of existing Microsoft personnel using their unique Microsoft CorpNet aliases. CorpNet and Azure access are provisioned and managed using separate account management tools. CorpNet account management, using MyAccess, cannot provide access to Azure – it can only provide access to AD security groups that the Azure account management tool, OneIdentity, leverages. The alias is consistent across all of a user's accounts. Azure utilizes the AME and GME domains for access to the Azure environment. These domains are specific to the environment. The identities of accounts are verified during the account request process, where initial authenticator distribution information for new Azure domain accounts are sent to the user's CorpNet e-mail address. Initial authenticator distribution is only sent to the CorpNet e-mail account associated to the provisioning request, after manager approval has been received. Azure-issued smart cards are distributed in person by the C+AI Security smart card support team after confirming the identity of the individual receiving the smart card. |
||||||||||||||||||||||
| Mode | Indexed | ||||||||||||||||||||||
| Type | Static | ||||||||||||||||||||||
| Preview | False | ||||||||||||||||||||||
| Deprecated | False | ||||||||||||||||||||||
| Effect | Fixed audit |
||||||||||||||||||||||
| RBAC role(s) | none | ||||||||||||||||||||||
| Rule aliases | none | ||||||||||||||||||||||
| Rule resource types | IF (2) |
||||||||||||||||||||||
| Compliance |
The following 1 compliance controls are associated with this Policy definition 'Microsoft Managed Control 1317 - Authenticator Management' (8877f519-c166-47b7-81b7-8a8eb4ff3775)
| ||||||||||||||||||||||
| Initiatives usage |
|
||||||||||||||||||||||
| History | none | ||||||||||||||||||||||
| JSON compare | n/a | ||||||||||||||||||||||
| JSON |
|