| Source | Azure Portal | ||
| Display name | Microsoft Managed Control 1625 - Boundary Protection | Access Points | ||
| Id | b9b66a4d-70a1-4b47-8fa1-289cec68c605 | ||
| Version | 1.0.0 |
||
| Versioning |
Versions supported for Versioning: 0 Built-in Versioning [Preview] |
||
| Category | Regulatory Compliance |
||
| Description | Microsoft implements this System and Communications Protection control | ||
| Cloud environments | AzureCloud = true; AzureUSGovernment = true; AzureChinaCloud = unknown |
||
| Available in AzUSGov | The Policy is available in AzureUSGovernment cloud. Version: '1.0.0' Repository: Azure-Policy b9b66a4d-70a1-4b47-8fa1-289cec68c605 |
||
| Additional metadata |
Name/Id: ACF1625 / Microsoft Managed Control 1625
Category: System and Communications Protection
Title: Boundary Protection | Access Points
Ownership: Customer, Microsoft
Description: The organization limits the number of external network connections to the information system.
Requirements: Azure controls and monitors all inbound and outbound traffic through a limited number of network access points at the boundary and at key points within Azure. Azure leverages the following security mechanisms to limit the number of external network connections:
* Load balancing and limiting inbound access to Azure, Azure Management Portal, front-end (e.g. FFE, XFE, RDFE), and customer VM RDP. Each datacenter contains two groups of Jumpboxes, Debug Servers, and Hop Boxes behind a load balancer to limit the access points for Azure internal traffic, and customer traffic passes through a load balancer as well. Both entry points are monitored and generate audit logs and alerts in near-real time.
* Jumpboxes, Debug servers, and Network Hop Boxes control all access to Azure.
* Azure services are only accessible to customer users through the Azure provisioning portal and Web Services (REST API) interfaces. |
||
| Mode | Indexed | ||
| Type | Static | ||
| Preview | False | ||
| Deprecated | False | ||
| Effect | Fixed audit |
||
| RBAC role(s) | none | ||
| Rule aliases | none | ||
| Rule resource types | IF (2) |
||
| Compliance | Not a Compliance control | ||
| Initiatives usage | none | ||
| History | none | ||
| JSON compare | n/a | ||