This commit is contained in:
v-rusraut 2023-11-10 15:41:11 +05:30
Parent 09ac738521
Commit 6ce02865b7
9 changed files: 179 additions and 193 deletions

Binary data
Solutions/NISTSP80053/Package/3.0.0.zip Normal file

Binary file not shown.


@ -6,7 +6,7 @@
"config": {
"isWizard": false,
"basics": {
"description": "<img src=\"https://raw.githubusercontent.com/Azure/Azure-Sentinel/master/Workbooks/Images/Logos/Azure_Sentinel.svg\"width=\"75px\"height=\"75px\">\n\n**Note:** _There may be [known issues](https://aka.ms/sentinelsolutionsknownissues) pertaining to this Solution, please refer to them before installing._\n\nThis solution enables Compliance Teams, Architects, SecOps Analysts, and Consultants to gain situational awareness for cloud workload security posture. This workbook is designed to augment staffing through automation, visibility, assessment, monitoring and remediation. The Microsoft Sentinel: NIST SP 800-53 R4 solution demonstrates best practice guidance, but Microsoft does not guarantee nor imply compliance. All requirements, validations, and controls are governed by the 💡[National Institute of Standards and Technology (NIST)](https://csrc.nist.gov/publications/detail/sp/800-53/rev-4/archive/2015-01-22). This workbook provides visibility and situational awareness for security capabilities delivered with Microsoft technologies in predominantly cloud-based environments. Customer experience will vary by user and some panels may require additional configurations for operation. Recommendations do not imply coverage of respective controls as they are often one of several courses of action for approaching requirements which is unique to each customer. Recommendations should be considered a starting point for planning full or partial coverage of respective requirements. This workbook does not address all controls within the framework. It should be considered a supplemental tool to gain visibility of technical controls within cloud, multi-cloud, and hybrid networks. 
For the full listing of respective controls, see the💡[Microsoft Cloud Service Trust Portal](https://servicetrust.microsoft.com/)\n\n**Workbooks:** 1, **Analytic Rules:** 1, **Playbooks:** 3\n\n[Learn more about Microsoft Sentinel](https://aka.ms/azuresentinel) | [Learn more about Solutions](https://aka.ms/azuresentinelsolutionsdoc)",
"description": "<img src=\"https://raw.githubusercontent.com/Azure/Azure-Sentinel/master/Workbooks/Images/Logos/Azure_Sentinel.svg\"width=\"75px\"height=\"75px\">\n\n**Note:** Please refer to the following before installing the solution: \r \n • Review the solution [Release Notes](https://github.com/Azure/Azure-Sentinel/tree/master/Solutions/NISTSP80053/ReleaseNotes.md)\There may be [known issues](https://aka.ms/sentinelsolutionsknownissues) pertaining to this Solution, please refer to them before installing.\n\nThis solution enables Compliance Teams, Architects, SecOps Analysts, and Consultants to gain situational awareness for cloud workload security posture. This workbook is designed to augment staffing through automation, visibility, assessment, monitoring and remediation. The Microsoft Sentinel: NIST SP 800-53 R4 solution demonstrates best practice guidance, but Microsoft does not guarantee nor imply compliance. All requirements, validations, and controls are governed by the 💡[National Institute of Standards and Technology (NIST)](https://csrc.nist.gov/publications/detail/sp/800-53/rev-4/archive/2015-01-22). This workbook provides visibility and situational awareness for security capabilities delivered with Microsoft technologies in predominantly cloud-based environments. Customer experience will vary by user and some panels may require additional configurations for operation. Recommendations do not imply coverage of respective controls as they are often one of several courses of action for approaching requirements which is unique to each customer. Recommendations should be considered a starting point for planning full or partial coverage of respective requirements. This workbook does not address all controls within the framework. It should be considered a supplemental tool to gain visibility of technical controls within cloud, multi-cloud, and hybrid networks. 
For the full listing of respective controls, see the💡[Microsoft Cloud Service Trust Portal](https://servicetrust.microsoft.com/)\n\n**Workbooks:** 1, **Analytic Rules:** 1, **Playbooks:** 3\n\n[Learn more about Microsoft Sentinel](https://aka.ms/azuresentinel) | [Learn more about Solutions](https://aka.ms/azuresentinelsolutionsdoc)",
"subscription": {
"resourceProviders": [
"Microsoft.OperationsManagement/solutions",
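Review bot: In the new `description` value, the text after the Release Notes link reads `ReleaseNotes.md)\There may be`, and `\T` is not a valid JSON escape, so the string will not parse as written. It looks like the separator for a second bullet was lost; `\r \n • There may be [known issues]...` would match the first bullet. That sentence also still ends with "please refer to them before installing", which now repeats the new lead-in and can be dropped.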

File diff suppressed because one or more lines are too long


@ -0,0 +1,6 @@
| **Version** | **Date Modified (DD-MM-YYYY)** | **Change History** |
|-------------|--------------------------------|-----------------------------------------------------------------------------------------------|
| 3.0.0 | 09-11-2023 | Changes for rebranding from Azure Active Directory Identity Protection to Microsoft Entra ID Protection |
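Review bot: The Change History entry describes a rebranding "from Azure Active Directory Identity Protection to Microsoft Entra ID Protection", but the workbook hunks shown for this commit replace "Azure Active Directory" and "Azure AD" with "Microsoft Entra ID" in general text, link labels and panel titles, and none of them touch Identity Protection. Suggest rewording the entry so it describes the rename that was actually made.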


@ -1509,7 +1509,7 @@
{
"type": 1,
"content": {
"json": "# [Azure Lighthouse](https://azure.microsoft.com/services/azure-lighthouse/)\r\n---\r\nAzure Lighthouse helps service providers simplify customer engagement and onboarding experiences, while managing delegated resources at scale with agility and precision. Authorized users, groups, and service principals can work directly in the context of a customer subscription without having an account in that customer's Azure Active Directory (Azure AD) tenant or being a co-owner of the customer's tenant. The mechanism used to support this access is called Azure delegated resource management. "
"json": "# [Azure Lighthouse](https://azure.microsoft.com/services/azure-lighthouse/)\r\n---\r\nAzure Lighthouse helps service providers simplify customer engagement and onboarding experiences, while managing delegated resources at scale with agility and precision. Authorized users, groups, and service principals can work directly in the context of a customer subscription without having an account in that customer's Microsoft Entra ID tenant or being a co-owner of the customer's tenant. The mechanism used to support this access is called Azure delegated resource management. "
},
"customWidth": "40",
"name": "text - 5"
@ -2203,7 +2203,7 @@
{
"type": 1,
"content": {
"json": "# [Account Management (AC-2)](https://docs.microsoft.com/azure/governance/policy/samples/nist-sp-800-53-r4#account-management) \r\n\r\n\ta.Define and document the types of accounts allowed and specifically prohibited for use within the system;\r\n\tb.Assign account managers;\r\n\tc.Require [Assignment: organization-defined prerequisites and criteria] for group and role membership;\r\n\td.Specify:\r\n\t\t1.Authorized users of the system;\r\n\t\t2.Group and role membership; and\r\n\t\t3.Access authorizations (i.e., privileges) and [Assignment: organization-defined attributes (as required)] for each account;\r\n\te.Require approvals by [Assignment: organization-defined personnel or roles] for requests to create accounts;\r\n\tf.Create, enable, modify, disable, and remove accounts in accordance with [Assignment: organization-defined policy, procedures, prerequisites, and criteria];\r\n\tg.Monitor the use of accounts;\r\n\th.Notify account managers and [Assignment: organization-defined personnel or roles] within:\r\n\t\t1.[Assignment: organization-defined time period] when accounts are no longer required;\r\n\t\t2.[Assignment: organization-defined time period] when users are terminated or transferred; and\r\n\t\t3.[Assignment: organization-defined time period] when system usage or need-to-know changes for an individual;\r\n\ti.Authorize access to the system based on:\r\n\t\t1.A valid access authorization;\r\n\t\t2.Intended system usage; and\r\n\t\t3.[Assignment: organization-defined attributes (as required)];\r\n\tj.Review accounts for compliance with account management requirements [Assignment: organization-defined frequency];\r\n\tk.Establish and implement a process for changing shared or group account authenticators (if deployed) when individuals are removed from the group; and\r\n\tl.Align account management processes with personnel termination and transfer processes.\r\n\r\n### Recommended Logs\r\n🔷 
[SigninLogs](https://docs.microsoft.com/azure/azure-monitor/reference/tables/signinlogs) 🔷 [AuditLogs](https://docs.microsoft.com/azure/azure-monitor/reference/tables/auditlogs) 🔷 [AzureActivity](https://docs.microsoft.com/azure/azure-monitor/reference/tables/azureactivity) ✳️ [Azure Active Directory](https://azure.microsoft.com/services/active-directory/)<br>\r\n🔷 [SecurityRegulatoryCompliance](https://docs.microsoft.com/azure/azure-monitor/reference/tables/securityregulatorycompliance) ✳️ [Microsoft Defender for Cloud](https://azure.microsoft.com/services/security-center/)<br> \r\n🔷 [IdentityInfo](https://docs.microsoft.com/azure/azure-monitor/reference/tables/identityinfo) ✳️ [Microsoft Sentinel](https://azure.microsoft.com/services/azure-sentinel/) <br>\r\n\r\n### Implementation\r\n💡 [Azure Active Directory feature deployment guide](https://docs.microsoft.com/azure/active-directory/fundamentals/active-directory-deployment-checklist-p2)<br>\r\n💡 [Deploying Active Directory Federation Services in Azure](https://docs.microsoft.com/windows-server/identity/ad-fs/deployment/how-to-connect-fed-azure-adfs)<br>\r\n💡 [User sign-in with Azure Active Directory Pass-through Authentication](https://docs.microsoft.com/azure/active-directory/hybrid/how-to-connect-pta)<br>\r\n💡 [Tutorial: Grant a user access to Azure resources using the Azure portal](https://docs.microsoft.com/azure/role-based-access-control/quickstart-assign-role-user-portal)<br>\r\n💡 [Azure RBAC documentation](https://docs.microsoft.com/azure/role-based-access-control/)<br>\r\n\r\n### Microsoft Portals\r\n🔀 [Azure Active Directory](https://portal.azure.com/#blade/Microsoft_AAD_IAM/ActiveDirectoryMenuBlade/Overview) <br>\r\n🔀 [Privileged Identity Management](https://ms.portal.azure.com/#blade/Microsoft_Azure_PIMCommon/CommonMenuBlade/quickStart) <br>\r\n🔀 [Microsoft Defender for Cloud: Regulatory Compliance](https://ms.portal.azure.com/#blade/Microsoft_Azure_Security/SecurityMenuBlade/22) <br>\r\n\r\n### NIST 
SP 800-53 R5 Guidance\r\n[AC-2]( https://csrc.nist.gov/Projects/risk-management/sp800-53-controls/release-search#/control?version=5.1&number=AC-2)<br>\r\n\r\n### Assessment\r\n"
"json": "# [Account Management (AC-2)](https://docs.microsoft.com/azure/governance/policy/samples/nist-sp-800-53-r4#account-management) \r\n\r\n\ta.Define and document the types of accounts allowed and specifically prohibited for use within the system;\r\n\tb.Assign account managers;\r\n\tc.Require [Assignment: organization-defined prerequisites and criteria] for group and role membership;\r\n\td.Specify:\r\n\t\t1.Authorized users of the system;\r\n\t\t2.Group and role membership; and\r\n\t\t3.Access authorizations (i.e., privileges) and [Assignment: organization-defined attributes (as required)] for each account;\r\n\te.Require approvals by [Assignment: organization-defined personnel or roles] for requests to create accounts;\r\n\tf.Create, enable, modify, disable, and remove accounts in accordance with [Assignment: organization-defined policy, procedures, prerequisites, and criteria];\r\n\tg.Monitor the use of accounts;\r\n\th.Notify account managers and [Assignment: organization-defined personnel or roles] within:\r\n\t\t1.[Assignment: organization-defined time period] when accounts are no longer required;\r\n\t\t2.[Assignment: organization-defined time period] when users are terminated or transferred; and\r\n\t\t3.[Assignment: organization-defined time period] when system usage or need-to-know changes for an individual;\r\n\ti.Authorize access to the system based on:\r\n\t\t1.A valid access authorization;\r\n\t\t2.Intended system usage; and\r\n\t\t3.[Assignment: organization-defined attributes (as required)];\r\n\tj.Review accounts for compliance with account management requirements [Assignment: organization-defined frequency];\r\n\tk.Establish and implement a process for changing shared or group account authenticators (if deployed) when individuals are removed from the group; and\r\n\tl.Align account management processes with personnel termination and transfer processes.\r\n\r\n### Recommended Logs\r\n🔷 
[SigninLogs](https://docs.microsoft.com/azure/azure-monitor/reference/tables/signinlogs) 🔷 [AuditLogs](https://docs.microsoft.com/azure/azure-monitor/reference/tables/auditlogs) 🔷 [AzureActivity](https://docs.microsoft.com/azure/azure-monitor/reference/tables/azureactivity) ✳️ [Microsoft Entra ID](https://azure.microsoft.com/services/active-directory/)<br>\r\n🔷 [SecurityRegulatoryCompliance](https://docs.microsoft.com/azure/azure-monitor/reference/tables/securityregulatorycompliance) ✳️ [Microsoft Defender for Cloud](https://azure.microsoft.com/services/security-center/)<br> \r\n🔷 [IdentityInfo](https://docs.microsoft.com/azure/azure-monitor/reference/tables/identityinfo) ✳️ [Microsoft Sentinel](https://azure.microsoft.com/services/azure-sentinel/) <br>\r\n\r\n### Implementation\r\n💡 [Microsoft Entra ID feature deployment guide](https://docs.microsoft.com/azure/active-directory/fundamentals/active-directory-deployment-checklist-p2)<br>\r\n💡 [Deploying Active Directory Federation Services in Azure](https://docs.microsoft.com/windows-server/identity/ad-fs/deployment/how-to-connect-fed-azure-adfs)<br>\r\n💡 [User sign-in with Microsoft Entra ID Pass-through Authentication](https://docs.microsoft.com/azure/active-directory/hybrid/how-to-connect-pta)<br>\r\n💡 [Tutorial: Grant a user access to Azure resources using the Azure portal](https://docs.microsoft.com/azure/role-based-access-control/quickstart-assign-role-user-portal)<br>\r\n💡 [Azure RBAC documentation](https://docs.microsoft.com/azure/role-based-access-control/)<br>\r\n\r\n### Microsoft Portals\r\n🔀 [Microsoft Entra ID](https://portal.azure.com/#blade/Microsoft_AAD_IAM/ActiveDirectoryMenuBlade/Overview) <br>\r\n🔀 [Privileged Identity Management](https://ms.portal.azure.com/#blade/Microsoft_Azure_PIMCommon/CommonMenuBlade/quickStart) <br>\r\n🔀 [Microsoft Defender for Cloud: Regulatory Compliance](https://ms.portal.azure.com/#blade/Microsoft_Azure_Security/SecurityMenuBlade/22) <br>\r\n\r\n### NIST SP 800-53 R5 
Guidance\r\n[AC-2]( https://csrc.nist.gov/Projects/risk-management/sp800-53-controls/release-search#/control?version=5.1&number=AC-2)<br>\r\n\r\n### Assessment\r\n"
},
"name": "text - 2"
},
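Review bot: Only the link labels change in this text block; the targets behind the renamed labels are untouched, for example `[Microsoft Entra ID](https://azure.microsoft.com/services/active-directory/)` and the guides under `docs.microsoft.com/azure/active-directory/`. Please confirm those URLs still resolve to the renamed product pages, or update them in the same pass so label and destination agree. Leaving "Deploying Active Directory Federation Services in Azure" unchanged looks right, since that label names AD FS rather than the cloud directory.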
@ -2409,7 +2409,7 @@
"query": "SigninLogs\r\n| where TimeGenerated > ago(90d)\r\n| where ResultType == \"0\"\r\n| summarize arg_max(TimeGenerated, *) by UserPrincipalName\r\n| summarize LastSignIn = datetime_diff(\"day\", now(), max(TimeGenerated)) by UserPrincipalName, LastSignInTime=TimeGenerated, UserId\r\n| where LastSignIn >= 28\r\n| project UserPrincipalName, LastSignIn, LastSignInTime, AADProfile=UserId\r\n| sort by LastSignIn desc\r\n| limit 250\r\n",
"size": 0,
"showAnalytics": true,
"title": "[AC-2(3)] Account Management | Disable Accounts -- Inactive Azure Active Directory Accounts",
"title": "[AC-2(3)] Account Management | Disable Accounts -- Inactive Microsoft Entra ID Accounts",
"noDataMessage": "An Empty Panel Provides Opportunity To Explore Further and Implement Hardening. Controls: Confirm Licensing, Availability, and Health of Respective Offerings. Logging: Confirm Log Source is Onboarded to the Log Analytics Workspace. Time: Adjust the Time Parameter for a Larger Data-Set. ",
"showExportToExcel": true,
"queryType": 0,
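Review bot: The renamed title promises "Inactive Microsoft Entra ID Accounts", but the query in the context lines only reads `SigninLogs` for the last 90 days with `ResultType == "0"` and then keeps rows where `LastSignIn >= 28`, so the panel lists accounts whose last successful sign-in was 28 to 90 days ago. An account with no successful sign-in inside that window never appears. Since the title is being edited anyway, consider stating the 28 to 90 day scope there or in `noDataMessage`, so an empty panel is not read as "no inactive accounts".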
@ -2529,7 +2529,7 @@
"query": "let PreviousRoles = IdentityInfo\r\n| where TimeGenerated > ago(7d)\r\n| extend UserPrincipalName = AccountUPN;\r\nIdentityInfo\r\n| extend UserPrincipalName = AccountUPN\r\n| join (PreviousRoles) on UserPrincipalName\r\n| extend ChangedRoles = set_difference(AssignedRoles, AssignedRoles1)\r\n| extend ChangedGroups = set_difference(GroupMembership, GroupMembership1)\r\n| where ChangedRoles contains \"security\" or ChangedRoles contains \"admin\" or ChangedGroups contains \"security\" or ChangedGroups contains \"admin\"\r\n| join (SigninLogs| extend UserProfile = strcat(\"https://portal.azure.com/#blade/Microsoft_AAD_IAM/UserDetailsMenuBlade/Profile/userId/\", UserId)|project UserPrincipalName, UserProfile, UserId) on UserPrincipalName\r\n| project UserPrincipalName, UserProfile, ChangedRoles, ChangedGroups, ChangeObservedTime=TimeGenerated, UserId\r\n| extend ChangedRoles=strcat(ChangedRoles)\r\n| extend ChangedGroups=strcat(ChangedGroups)\r\n| distinct UserPrincipalName, UserProfile, ChangedRoles, ChangedGroups, ChangeObservedTime, UserId",
"size": 0,
"showAnalytics": true,
"title": "[AC-2(7)] Account Management | Privileged User Accounts -- Azure Active Directory Privileged Role/Attribute Changes",
"title": "[AC-2(7)] Account Management | Privileged User Accounts -- Microsoft Entra ID Privileged Role/Attribute Changes",
"noDataMessage": "An Empty Panel Provides Opportunity To Explore Further and Implement Hardening. Controls: Confirm Licensing, Availability, and Health of Respective Offerings. Logging: Confirm Log Source is Onboarded to the Log Analytics Workspace. Time: Adjust the Time Parameter for a Larger Data-Set. ",
"timeContextFromParameter": "TimeRange",
"showExportToExcel": true,
@ -2951,7 +2951,7 @@
{
"type": 1,
"content": {
"json": "# [Access Enforcement (AC-3)](https://docs.microsoft.com/azure/governance/policy/samples/nist-sp-800-53-r4?WT.mc_id=Portal-fx#access-enforcement)\r\n\r\nEnforce approved authorizations for logical access to information and system resources in accordance with applicable access control policies.\r\n\r\n### Recommended Logs\r\n🔷 [SecurityRegulatoryCompliance](https://docs.microsoft.com/azure/azure-monitor/reference/tables/securityregulatorycompliance) ✳️ [Microsoft Defender for Cloud](https://azure.microsoft.com/services/security-center/)<br> \r\n\r\n### Implementation\r\n💡 [What is Azure role-based access control (Azure RBAC)?](https://docs.microsoft.com/azure/role-based-access-control/overview)<br>\r\n💡 [Azure Active Directory Identity Governance documentation](https://docs.microsoft.com/azure/active-directory/governance/)<br>\r\n💡 [What is Azure AD Privileged Identity Management?](https://docs.microsoft.com/azure/active-directory/privileged-identity-management/pim-configure)<br>\r\n💡 [Enable and request just-in-time access for Azure Managed Applications](https://docs.microsoft.com/azure/azure-resource-manager/managed-applications/request-just-in-time-access)<br>\r\n💡 [How it works: Azure AD Multi-Factor Authentication](https://docs.microsoft.com/azure/active-directory/authentication/concept-mfa-howitworks)<br>\r\n\r\n### Microsoft Portals\r\n🔀 [Azure Active Directory](https://portal.azure.com/#blade/Microsoft_AAD_IAM/ActiveDirectoryMenuBlade/Overview) <br>\r\n🔀 [Microsoft Defender for Cloud: Regulatory Compliance](https://portal.azure.com/#blade/Microsoft_Azure_Security/SecurityMenuBlade/22)<br>\r\n\r\n### NIST SP 800-53 Guidance\r\n[AC-3](https://csrc.nist.gov/Projects/risk-management/sp800-53-controls/release-search#/control?version=5.1&number=AC-3)<br>\r\n\r\n### Assessment\r\n"
"json": "# [Access Enforcement (AC-3)](https://docs.microsoft.com/azure/governance/policy/samples/nist-sp-800-53-r4?WT.mc_id=Portal-fx#access-enforcement)\r\n\r\nEnforce approved authorizations for logical access to information and system resources in accordance with applicable access control policies.\r\n\r\n### Recommended Logs\r\n🔷 [SecurityRegulatoryCompliance](https://docs.microsoft.com/azure/azure-monitor/reference/tables/securityregulatorycompliance) ✳️ [Microsoft Defender for Cloud](https://azure.microsoft.com/services/security-center/)<br> \r\n\r\n### Implementation\r\n💡 [What is Azure role-based access control (Azure RBAC)?](https://docs.microsoft.com/azure/role-based-access-control/overview)<br>\r\n💡 [Microsoft Entra ID Identity Governance documentation](https://docs.microsoft.com/azure/active-directory/governance/)<br>\r\n💡 [What is Microsoft Entra ID Privileged Identity Management?](https://docs.microsoft.com/azure/active-directory/privileged-identity-management/pim-configure)<br>\r\n💡 [Enable and request just-in-time access for Azure Managed Applications](https://docs.microsoft.com/azure/azure-resource-manager/managed-applications/request-just-in-time-access)<br>\r\n💡 [How it works: Microsoft Entra ID Multi-Factor Authentication](https://docs.microsoft.com/azure/active-directory/authentication/concept-mfa-howitworks)<br>\r\n\r\n### Microsoft Portals\r\n🔀 [Microsoft Entra ID](https://portal.azure.com/#blade/Microsoft_AAD_IAM/ActiveDirectoryMenuBlade/Overview) <br>\r\n🔀 [Microsoft Defender for Cloud: Regulatory Compliance](https://portal.azure.com/#blade/Microsoft_Azure_Security/SecurityMenuBlade/22)<br>\r\n\r\n### NIST SP 800-53 Guidance\r\n[AC-3](https://csrc.nist.gov/Projects/risk-management/sp800-53-controls/release-search#/control?version=5.1&number=AC-3)<br>\r\n\r\n### Assessment\r\n"
},
"name": "text - 2"
},
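Review bot: The label "Microsoft Entra ID Identity Governance documentation" in the Implementation list reads as a find-and-replace result ("ID Identity"); Microsoft's name for that offering is Microsoft Entra ID Governance. The same substitution produces "Microsoft Entra ID Privileged Identity Management" and "Microsoft Entra ID Multi-Factor Authentication" in this block. Please check each feature label against the current product names instead of replacing "Azure AD" with "Microsoft Entra ID" uniformly.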
@ -3343,7 +3343,7 @@
{
"type": 1,
"content": {
"json": "# [Separation of Duties (AC-5)](https://docs.microsoft.com/azure/governance/policy/samples/nist-sp-800-53-r4?WT.mc_id=Portal-fx#separation-of-duties)\r\n\r\n\ta.Identify and document [Assignment: organization-defined duties of individuals requiring separation]; and\r\n\tb.Define system access authorizations to support separation of duties.\r\n\r\n### Recommended Logs\r\n🔷 [SigninLogs](https://docs.microsoft.com/azure/azure-monitor/reference/tables/signinlogs) ✳️ [Azure Active Directory](https://azure.microsoft.com/services/active-directory/)<br>\r\n🔷 [IdentityInfo](https://docs.microsoft.com/azure/azure-monitor/reference/tables/identityinfo) ✳️ [Microsoft Sentinel](https://azure.microsoft.com/services/azure-sentinel/) <br>\r\n\r\n### Implementation\r\n💡 [What is Azure role-based access control (Azure RBAC)?](https://docs.microsoft.com/azure/role-based-access-control/overview)<br>\r\n💡 [Azure custom roles](https://docs.microsoft.com/azure/role-based-access-control/custom-roles)<br>\r\n💡 [Steps to assign an Azure role](https://docs.microsoft.com/azure/role-based-access-control/role-assignments-steps)<br>\r\n💡 [What is Azure AD Privileged Identity Management?](https://docs.microsoft.com/azure/active-directory/privileged-identity-management/pim-configure)<br>\r\n💡 [Enable and request just-in-time access for Azure Managed Applications](https://docs.microsoft.com/azure/azure-resource-manager/managed-applications/request-just-in-time-access)<br>\r\n\r\n### Microsoft Portals\r\n🔀 [Azure Active Directory](https://portal.azure.com/#blade/Microsoft_AAD_IAM/ActiveDirectoryMenuBlade/Overview) <br>\r\n🔀 [Azure AD: Privileged Identity Management](https://portal.azure.com/#blade/Microsoft_Azure_PIMCommon/CommonMenuBlade/quickStart) <br>\r\n\r\n### NIST SP 800-53 Guidance\r\n[AC-5](https://csrc.nist.gov/Projects/risk-management/sp800-53-controls/release-search#/control?version=5.1&number=AC-5)<br>\r\n\r\n### Assessment\r\n"
"json": "# [Separation of Duties (AC-5)](https://docs.microsoft.com/azure/governance/policy/samples/nist-sp-800-53-r4?WT.mc_id=Portal-fx#separation-of-duties)\r\n\r\n\ta.Identify and document [Assignment: organization-defined duties of individuals requiring separation]; and\r\n\tb.Define system access authorizations to support separation of duties.\r\n\r\n### Recommended Logs\r\n🔷 [SigninLogs](https://docs.microsoft.com/azure/azure-monitor/reference/tables/signinlogs) ✳️ [Microsoft Entra ID](https://azure.microsoft.com/services/active-directory/)<br>\r\n🔷 [IdentityInfo](https://docs.microsoft.com/azure/azure-monitor/reference/tables/identityinfo) ✳️ [Microsoft Sentinel](https://azure.microsoft.com/services/azure-sentinel/) <br>\r\n\r\n### Implementation\r\n💡 [What is Azure role-based access control (Azure RBAC)?](https://docs.microsoft.com/azure/role-based-access-control/overview)<br>\r\n💡 [Azure custom roles](https://docs.microsoft.com/azure/role-based-access-control/custom-roles)<br>\r\n💡 [Steps to assign an Azure role](https://docs.microsoft.com/azure/role-based-access-control/role-assignments-steps)<br>\r\n💡 [What is Microsoft Entra ID Privileged Identity Management?](https://docs.microsoft.com/azure/active-directory/privileged-identity-management/pim-configure)<br>\r\n💡 [Enable and request just-in-time access for Azure Managed Applications](https://docs.microsoft.com/azure/azure-resource-manager/managed-applications/request-just-in-time-access)<br>\r\n\r\n### Microsoft Portals\r\n🔀 [Microsoft Entra ID](https://portal.azure.com/#blade/Microsoft_AAD_IAM/ActiveDirectoryMenuBlade/Overview) <br>\r\n🔀 [Microsoft Entra ID: Privileged Identity Management](https://portal.azure.com/#blade/Microsoft_Azure_PIMCommon/CommonMenuBlade/quickStart) <br>\r\n\r\n### NIST SP 800-53 Guidance\r\n[AC-5](https://csrc.nist.gov/Projects/risk-management/sp800-53-controls/release-search#/control?version=5.1&number=AC-5)<br>\r\n\r\n### Assessment\r\n"
},
"name": "text - 2"
},
@ -3547,7 +3547,7 @@
{
"type": 1,
"content": {
"json": "# [Least Privilege (AC-6)](https://docs.microsoft.com/azure/governance/policy/samples/nist-sp-800-53-r4?WT.mc_id=Portal-fx#least-privilege)\r\n\r\nEmploy the principle of least privilege, allowing only authorized accesses for users (or processes acting on behalf of users) that are necessary to accomplish assigned organizational tasks.\r\n\r\n### Recommended Logs\r\n🔷 [AuditLogs](https://docs.microsoft.com/azure/azure-monitor/reference/tables/auditlogs?WT.mc_id=Portal-fx) ✳️ [Azure Active Directory](https://azure.microsoft.com/services/active-directory/)<br> \r\n\r\n### Implementation\r\n💡 [What is Azure role-based access control (Azure RBAC)?](https://docs.microsoft.com/azure/role-based-access-control/overview)<br>\r\n💡 [What is Azure AD Privileged Identity Management?](https://docs.microsoft.com/azure/active-directory/privileged-identity-management/pim-configure)<br>\r\n💡 [Enable and request just-in-time access for Azure Managed Applications](https://docs.microsoft.com/azure/azure-resource-manager/managed-applications/request-just-in-time-access)<br>\r\n💡 [Office 365 Security & Compliance: Enable Auditing for Admins](https://docs.microsoft.com/microsoft-365/compliance/turn-audit-log-search-on-or-off)<br>\r\n💡 [Audited Activities](https://docs.microsoft.com/microsoft-365/compliance/search-the-audit-log-in-security-and-compliance)<br>\r\n💡 [Use audit logs to track and monitor events in Microsoft Intune](https://docs.microsoft.com/mem/intune/fundamentals/monitor-audit-logs)<br>\r\n\r\n### Microsoft Portals\r\n🔀 [Azure Active Directory](https://portal.azure.com/#blade/Microsoft_AAD_IAM/ActiveDirectoryMenuBlade/Overview) <br>\r\n🔀 [Azure AD: Privileged Identity Management](https://portal.azure.com/#blade/Microsoft_Azure_PIMCommon/CommonMenuBlade/quickStart) <br>\r\n🔀 [Microsoft 365 Compliance: Audit](https://compliance.microsoft.com/auditlogsearch?viewid=Test%20Tab) <br>\r\n🔀 [Microsoft Endpoint Manager Admin Center](https://endpoint.microsoft.com/) 
<br>\r\n\r\n### NIST SP 800-53 Guidance\r\n[AC-6](https://csrc.nist.gov/Projects/risk-management/sp800-53-controls/release-search#/control?version=5.1&number=AC-6)<br>\r\n\r\n### Assessment\r\n"
"json": "# [Least Privilege (AC-6)](https://docs.microsoft.com/azure/governance/policy/samples/nist-sp-800-53-r4?WT.mc_id=Portal-fx#least-privilege)\r\n\r\nEmploy the principle of least privilege, allowing only authorized accesses for users (or processes acting on behalf of users) that are necessary to accomplish assigned organizational tasks.\r\n\r\n### Recommended Logs\r\n🔷 [AuditLogs](https://docs.microsoft.com/azure/azure-monitor/reference/tables/auditlogs?WT.mc_id=Portal-fx) ✳️ [Microsoft Entra ID](https://azure.microsoft.com/services/active-directory/)<br> \r\n\r\n### Implementation\r\n💡 [What is Azure role-based access control (Azure RBAC)?](https://docs.microsoft.com/azure/role-based-access-control/overview)<br>\r\n💡 [What is Microsoft Entra ID Privileged Identity Management?](https://docs.microsoft.com/azure/active-directory/privileged-identity-management/pim-configure)<br>\r\n💡 [Enable and request just-in-time access for Azure Managed Applications](https://docs.microsoft.com/azure/azure-resource-manager/managed-applications/request-just-in-time-access)<br>\r\n💡 [Office 365 Security & Compliance: Enable Auditing for Admins](https://docs.microsoft.com/microsoft-365/compliance/turn-audit-log-search-on-or-off)<br>\r\n💡 [Audited Activities](https://docs.microsoft.com/microsoft-365/compliance/search-the-audit-log-in-security-and-compliance)<br>\r\n💡 [Use audit logs to track and monitor events in Microsoft Intune](https://docs.microsoft.com/mem/intune/fundamentals/monitor-audit-logs)<br>\r\n\r\n### Microsoft Portals\r\n🔀 [Microsoft Entra ID](https://portal.azure.com/#blade/Microsoft_AAD_IAM/ActiveDirectoryMenuBlade/Overview) <br>\r\n🔀 [ Microsoft Entra ID : Privileged Identity Management](https://portal.azure.com/#blade/Microsoft_Azure_PIMCommon/CommonMenuBlade/quickStart) <br>\r\n🔀 [Microsoft 365 Compliance: Audit](https://compliance.microsoft.com/auditlogsearch?viewid=Test%20Tab) <br>\r\n🔀 [Microsoft Endpoint Manager Admin 
Center](https://endpoint.microsoft.com/) <br>\r\n\r\n### NIST SP 800-53 Guidance\r\n[AC-6](https://csrc.nist.gov/Projects/risk-management/sp800-53-controls/release-search#/control?version=5.1&number=AC-6)<br>\r\n\r\n### Assessment\r\n"
},
"name": "text - 2"
},
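Review bot: In the Microsoft Portals list the new label is `[ Microsoft Entra ID : Privileged Identity Management]`, with a space after the opening bracket and another before the colon. The AC-5 block in this same commit uses `[Microsoft Entra ID: Privileged Identity Management]`; please use that form here too so the rendered link text is consistent across controls.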
@ -3766,7 +3766,7 @@
{
"type": 1,
"content": {
"json": "# [Unsuccessful Logon Attempts (AC-7)](https://docs.microsoft.com/azure/governance/policy/samples/nist-sp-800-53-r4?WT.mc_id=Portal-fx#unsuccessful-logon-attempts)\r\n\r\n\ta.Enforce a limit of [Assignment: organization-defined number] consecutive invalid logon attempts by a user during a [Assignment: organization-defined time period]; and\r\n\tb.Automatically [Selection (one or more): lock the account or node for an [Assignment: organization-defined time period]; lock the account or node until released by an administrator; delay next logon prompt per [Assignment: organization-defined delay algorithm]; notify system administrator; take other [Assignment: organization-defined action]] when the maximum number of unsuccessful attempts is exceeded.\r\n\r\n### Recommended Logs\r\n🔷 [SigninLogs](https://docs.microsoft.com/azure/azure-monitor/reference/tables/signinlogs) ✳️ [Azure Active Directory](https://azure.microsoft.com/services/active-directory/)<br>\r\n\r\n### Implementation\r\n💡 [Protect user accounts from attacks with Azure Active Directory smart lockout](https://docs.microsoft.com/azure/active-directory/authentication/howto-password-smart-lockout)<br>\r\n💡 [Manage Azure AD smart lockout values](https://docs.microsoft.com/azure/active-directory/authentication/howto-password-smart-lockout#manage-azure-ad-smart-lockout-values)<br>\r\n\r\n### Microsoft Portals\r\n🔀 [Azure Active Directory](https://portal.azure.com/#blade/Microsoft_AAD_IAM/ActiveDirectoryMenuBlade/Overview) <br>\r\n\r\n### NIST SP 800-53 Guidance\r\n[AC-7](https://csrc.nist.gov/Projects/risk-management/sp800-53-controls/release-search#/control?version=5.1&number=AC-7)<br>\r\n\r\n### Assessment\r\n"
"json": "# [Unsuccessful Logon Attempts (AC-7)](https://docs.microsoft.com/azure/governance/policy/samples/nist-sp-800-53-r4?WT.mc_id=Portal-fx#unsuccessful-logon-attempts)\r\n\r\n\ta.Enforce a limit of [Assignment: organization-defined number] consecutive invalid logon attempts by a user during a [Assignment: organization-defined time period]; and\r\n\tb.Automatically [Selection (one or more): lock the account or node for an [Assignment: organization-defined time period]; lock the account or node until released by an administrator; delay next logon prompt per [Assignment: organization-defined delay algorithm]; notify system administrator; take other [Assignment: organization-defined action]] when the maximum number of unsuccessful attempts is exceeded.\r\n\r\n### Recommended Logs\r\n🔷 [SigninLogs](https://docs.microsoft.com/azure/azure-monitor/reference/tables/signinlogs) ✳️ [Microsoft Entra ID](https://azure.microsoft.com/services/active-directory/)<br>\r\n\r\n### Implementation\r\n💡 [Protect user accounts from attacks with Microsoft Entra ID smart lockout](https://docs.microsoft.com/azure/active-directory/authentication/howto-password-smart-lockout)<br>\r\n💡 [Manage Microsoft Entra ID smart lockout values](https://docs.microsoft.com/azure/active-directory/authentication/howto-password-smart-lockout#manage-azure-ad-smart-lockout-values)<br>\r\n\r\n### Microsoft Portals\r\n🔀 [Microsoft Entra ID](https://portal.azure.com/#blade/Microsoft_AAD_IAM/ActiveDirectoryMenuBlade/Overview) <br>\r\n\r\n### NIST SP 800-53 Guidance\r\n[AC-7](https://csrc.nist.gov/Projects/risk-management/sp800-53-controls/release-search#/control?version=5.1&number=AC-7)<br>\r\n\r\n### Assessment\r\n"
},
"name": "text - 2"
},
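Review bot: The AC-7 panel mixes two revisions of the standard, and this rename leaves that untouched: the heading link targets the `nist-sp-800-53-r4` policy sample, while the "NIST SP 800-53 Guidance" link passes `version=5.1` to the NIST control search. Since the whole string is being rewritten anyway, confirm which revision the panel is meant to cite and make the two links agree, or say in the panel text that the guidance link points to a later revision.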
@ -3964,7 +3964,7 @@
{
"type": 1,
"content": {
"json": "# [System Use Notification (AC-8)](https://docs.microsoft.com/azure/governance/policy/samples/nist-sp-800-53-r4?WT.mc_id=Portal-fx#system-use-notification)\r\n\r\n\ta.Display [Assignment: organization-defined system use notification message or banner] to users before granting access to the system that provides privacy and security notices consistent with applicable laws, executive orders, directives, regulations, policies, standards, and guidelines and state that:\r\n\t\t1.Users are accessing a U.S. Government system;\r\n\t\t2.System usage may be monitored, recorded, and subject to audit;\r\n\t\t3.Unauthorized use of the system is prohibited and subject to criminal and civil penalties; and\r\n\t\t4.Use of the system indicates consent to monitoring and recording;\r\n\tb.Retain the notification message or banner on the screen until users acknowledge the usage conditions and take explicit actions to log on to or further access the system; and\r\n\tc.For publicly accessible systems:\r\n\t\t1.Display system use information [Assignment: organization-defined conditions], before granting further access to the publicly accessible system;\r\n\t\t2.Display references, if any, to monitoring, recording, or auditing that are consistent with privacy accommodations for such systems that generally prohibit those activities; and\r\n\t\t3.Include a description of the authorized uses of the system.\r\n\r\n🔷 [SecurityBaselines](https://docs.microsoft.com/azure/azure-monitor/reference/tables/securitybaseline) ✳️ [Microsoft Defender for Cloud](https://azure.microsoft.com/services/security-center/)<br> \r\n\r\n### Implementation\r\n💡 [Azure Active Directory terms of use](https://docs.microsoft.com/azure/active-directory/conditional-access/terms-of-use)<br>\r\n💡 [Create terms and conditions](https://docs.microsoft.com/mem/intune/enrollment/terms-and-conditions-create#create-terms-and-conditions)<br>\r\n💡 [Choosing the right Terms solution for your 
organization](https://techcommunity.microsoft.com/t5/intune-customer-success/choosing-the-right-terms-solution-for-your-organization/ba-p/280180)<br>\r\n💡 [Apply Azure security baselines to machines](https://docs.microsoft.com/azure/defender-for-cloud/apply-security-baseline)<br>\r\n\r\n### Microsoft Portals\r\n🔀 [Azure Active Directory: Conditional Access - Terms of Use](https://portal.azure.com/#blade/Microsoft_AAD_IAM/ConditionalAccessBlade/TermsOfUse)<br>\r\n🔀 [Microsoft Endpoint Manager Admin Center: Terms & Conditions](https://endpoint.microsoft.com/#blade/Microsoft_Intune_DeviceSettings/TenantAdminMenu/termsAndConditions)<br>\r\n🔀 [Microsoft Defender for Cloud: Recommendations](https://portal.azure.com/#blade/Microsoft_Azure_Security/SecurityMenuBlade/5)<br>\r\n\r\n### NIST SP 800-53 Guidance\r\n[AC-8](https://csrc.nist.gov/Projects/risk-management/sp800-53-controls/release-search#/control?version=5.1&number=AC-8)<br>\r\n\r\n### Assessment\r\n"
"json": "# [System Use Notification (AC-8)](https://docs.microsoft.com/azure/governance/policy/samples/nist-sp-800-53-r4?WT.mc_id=Portal-fx#system-use-notification)\r\n\r\n\ta.Display [Assignment: organization-defined system use notification message or banner] to users before granting access to the system that provides privacy and security notices consistent with applicable laws, executive orders, directives, regulations, policies, standards, and guidelines and state that:\r\n\t\t1.Users are accessing a U.S. Government system;\r\n\t\t2.System usage may be monitored, recorded, and subject to audit;\r\n\t\t3.Unauthorized use of the system is prohibited and subject to criminal and civil penalties; and\r\n\t\t4.Use of the system indicates consent to monitoring and recording;\r\n\tb.Retain the notification message or banner on the screen until users acknowledge the usage conditions and take explicit actions to log on to or further access the system; and\r\n\tc.For publicly accessible systems:\r\n\t\t1.Display system use information [Assignment: organization-defined conditions], before granting further access to the publicly accessible system;\r\n\t\t2.Display references, if any, to monitoring, recording, or auditing that are consistent with privacy accommodations for such systems that generally prohibit those activities; and\r\n\t\t3.Include a description of the authorized uses of the system.\r\n\r\n🔷 [SecurityBaselines](https://docs.microsoft.com/azure/azure-monitor/reference/tables/securitybaseline) ✳️ [Microsoft Defender for Cloud](https://azure.microsoft.com/services/security-center/)<br> \r\n\r\n### Implementation\r\n💡 [Microsoft Entra ID terms of use](https://docs.microsoft.com/azure/active-directory/conditional-access/terms-of-use)<br>\r\n💡 [Create terms and conditions](https://docs.microsoft.com/mem/intune/enrollment/terms-and-conditions-create#create-terms-and-conditions)<br>\r\n💡 [Choosing the right Terms solution for your 
organization](https://techcommunity.microsoft.com/t5/intune-customer-success/choosing-the-right-terms-solution-for-your-organization/ba-p/280180)<br>\r\n💡 [Apply Azure security baselines to machines](https://docs.microsoft.com/azure/defender-for-cloud/apply-security-baseline)<br>\r\n\r\n### Microsoft Portals\r\n🔀 [Microsoft Entra ID: Conditional Access - Terms of Use](https://portal.azure.com/#blade/Microsoft_AAD_IAM/ConditionalAccessBlade/TermsOfUse)<br>\r\n🔀 [Microsoft Endpoint Manager Admin Center: Terms & Conditions](https://endpoint.microsoft.com/#blade/Microsoft_Intune_DeviceSettings/TenantAdminMenu/termsAndConditions)<br>\r\n🔀 [Microsoft Defender for Cloud: Recommendations](https://portal.azure.com/#blade/Microsoft_Azure_Security/SecurityMenuBlade/5)<br>\r\n\r\n### NIST SP 800-53 Guidance\r\n[AC-8](https://csrc.nist.gov/Projects/risk-management/sp800-53-controls/release-search#/control?version=5.1&number=AC-8)<br>\r\n\r\n### Assessment\r\n"
},
"name": "text - 2"
},
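Review bot: The AC-8 text has no `### Recommended Logs` heading before the `🔷 [SecurityBaselines]` line, so that line renders as a continuation of the control statement; the AC-7, AC-11 and AC-12 panels in this same diff all carry the heading. Add `### Recommended Logs\r\n` ahead of the SecurityBaselines entry while this string is being edited for the Entra ID rename.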
@ -4155,7 +4155,7 @@
{
"type": 1,
"content": {
"json": "# [Session Control (AC-11)](https://docs.microsoft.com/azure/governance/policy/samples/nist-sp-800-53-r4?WT.mc_id=Portal-fx#session-lock)\r\n\r\n\ta.Prevent further access to the system by [Selection (one or more): initiating a device lock after [Assignment: organization-defined time period] of inactivity; requiring the user to initiate a device lock before leaving the system unattended]; and\r\n\tb.Retain the device lock until the user reestablishes access using established identification and authentication procedures.\r\n\r\n### Recommended Logs\r\n🔷 [SecurityBaselines](https://docs.microsoft.com/azure/azure-monitor/reference/tables/securitybaseline) ✳️ [Microsoft Defender for Cloud](https://azure.microsoft.com/services/security-center/)<br> \r\n\r\n### Implementation\r\n💡 [Require device to be marked as compliant](https://docs.microsoft.com/azure/active-directory/conditional-access/concept-conditional-access-grant#require-device-to-be-marked-as-compliant)<br>\r\n💡 [Locked screen experience](https://docs.microsoft.com/mem/intune/configuration/device-restrictions-windows-10#locked-screen-experience)<br>\r\n💡 [Password box](https://docs.microsoft.com/windows/apps/design/controls/password-box)<br>\r\n💡 [Policy CSP - CredentialsUI](https://docs.microsoft.com/windows/client-management/mdm/policy-csp-credentialsui)<br>\r\n💡 [Interactive logon: Machine inactivity limit](https://docs.microsoft.com/windows/security/threat-protection/security-policy-settings/interactive-logon-machine-inactivity-limit)<br>\r\n💡 [Account Lockout Policy](https://docs.microsoft.com/windows/security/threat-protection/security-policy-settings/account-lockout-policy)<br>\r\n💡 [Disable Password Reveal Option](https://docs.microsoft.com/windows/client-management/mdm/policy-csp-credentialsui#credentialsui-disablepasswordreveal)<br>\r\n💡 [Apply Azure security baselines to machines](https://docs.microsoft.com/azure/defender-for-cloud/apply-security-baseline)<br>\r\n\r\n### Microsoft 
Portals\r\n🔀 [Azure AD: Conditional Access](https://portal.azure.com/#blade/Microsoft_AAD_IAM/ConditionalAccessBlade/Policies) <br>\r\n🔀 [Microsoft Endpoint Manager Admin Center](https://endpoint.microsoft.com/#home)<br>\r\n\r\n### NIST SP 800-53 Guidance\r\n[AC-11](https://csrc.nist.gov/Projects/risk-management/sp800-53-controls/release-search#/control?version=5.1&number=AC-11)<br>\r\n\r\n### Assessment\r\n"
"json": "# [Session Control (AC-11)](https://docs.microsoft.com/azure/governance/policy/samples/nist-sp-800-53-r4?WT.mc_id=Portal-fx#session-lock)\r\n\r\n\ta.Prevent further access to the system by [Selection (one or more): initiating a device lock after [Assignment: organization-defined time period] of inactivity; requiring the user to initiate a device lock before leaving the system unattended]; and\r\n\tb.Retain the device lock until the user reestablishes access using established identification and authentication procedures.\r\n\r\n### Recommended Logs\r\n🔷 [SecurityBaselines](https://docs.microsoft.com/azure/azure-monitor/reference/tables/securitybaseline) ✳️ [Microsoft Defender for Cloud](https://azure.microsoft.com/services/security-center/)<br> \r\n\r\n### Implementation\r\n💡 [Require device to be marked as compliant](https://docs.microsoft.com/azure/active-directory/conditional-access/concept-conditional-access-grant#require-device-to-be-marked-as-compliant)<br>\r\n💡 [Locked screen experience](https://docs.microsoft.com/mem/intune/configuration/device-restrictions-windows-10#locked-screen-experience)<br>\r\n💡 [Password box](https://docs.microsoft.com/windows/apps/design/controls/password-box)<br>\r\n💡 [Policy CSP - CredentialsUI](https://docs.microsoft.com/windows/client-management/mdm/policy-csp-credentialsui)<br>\r\n💡 [Interactive logon: Machine inactivity limit](https://docs.microsoft.com/windows/security/threat-protection/security-policy-settings/interactive-logon-machine-inactivity-limit)<br>\r\n💡 [Account Lockout Policy](https://docs.microsoft.com/windows/security/threat-protection/security-policy-settings/account-lockout-policy)<br>\r\n💡 [Disable Password Reveal Option](https://docs.microsoft.com/windows/client-management/mdm/policy-csp-credentialsui#credentialsui-disablepasswordreveal)<br>\r\n💡 [Apply Azure security baselines to machines](https://docs.microsoft.com/azure/defender-for-cloud/apply-security-baseline)<br>\r\n\r\n### Microsoft 
Portals\r\n🔀 [Microsoft Entra ID: Conditional Access](https://portal.azure.com/#blade/Microsoft_AAD_IAM/ConditionalAccessBlade/Policies) <br>\r\n🔀 [Microsoft Endpoint Manager Admin Center](https://endpoint.microsoft.com/#home)<br>\r\n\r\n### NIST SP 800-53 Guidance\r\n[AC-11](https://csrc.nist.gov/Projects/risk-management/sp800-53-controls/release-search#/control?version=5.1&number=AC-11)<br>\r\n\r\n### Assessment\r\n"
},
"name": "text - 2"
},
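Review bot: The AC-11 heading reads "Session Control (AC-11)", but its link fragment is `#session-lock` and the body describes initiating and retaining a device lock. The title does not match the control the panel describes; rename it to match the control name used by the linked section, so that searching the workbook for the control by name finds this panel.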
@ -4384,7 +4384,7 @@
{
"type": 1,
"content": {
"json": "# [Session Termination (AC-12)](https://docs.microsoft.com/azure/governance/policy/samples/nist-sp-800-53-r4?WT.mc_id=Portal-fx#session-termination)\r\n\r\nAutomatically terminate a user session after [Assignment: organization-defined conditions or trigger events requiring session disconnect].\r\n\r\n### Recommended Logs\r\n🔷 [AADUserRiskEvents](https://docs.microsoft.com/azure/azure-monitor/reference/tables/aaduserriskevents) ✳️ [Azure Active Directory](https://azure.microsoft.com/services/active-directory/)<br>\r\n\r\n### Implementation\r\n💡 [Conditional Access: Sign-in risk-based Conditional Access](https://docs.microsoft.com/azure/active-directory/conditional-access/howto-conditional-access-policy-risk)<br>\r\n💡 [Conditional Access: User risk-based Conditional Access](https://docs.microsoft.com/azure/active-directory/conditional-access/howto-conditional-access-policy-risk-user)<br>\r\n💡 [Continuous access evaluation](https://docs.microsoft.com/azure/active-directory/conditional-access/concept-continuous-access-evaluation)<br>\r\n💡 [Account lockout threshold](https://docs.microsoft.com/windows/security/threat-protection/security-policy-settings/account-lockout-threshold)<br>\r\n💡 [Protecting your organization against password spray attacks](https://www.microsoft.com/security/blog/2020/04/23/protecting-organization-password-spray-attacks/)<br>\r\n💡 [Protect user accounts from attacks with Azure Active Directory smart lockout](https://docs.microsoft.com/azure/active-directory/authentication/howto-password-smart-lockout)<br>\r\n💡 [AD FS Extranet Lockout and Extranet Smart Lockout](https://docs.microsoft.com/windows-server/identity/ad-fs/operations/configure-ad-fs-extranet-smart-lockout-protection)<br>\r\n\r\n### Microsoft Portals\r\n🔀 [Azure Active Directory: Risky Sign-Ins](https://portal.azure.com/#blade/Microsoft_AAD_IAM/RiskySignInsBlade) <br>\r\n\r\n### NIST SP 800-53 
Guidance\r\n[AC-12](https://csrc.nist.gov/Projects/risk-management/sp800-53-controls/release-search#/control?version=5.1&number=AC-12)<br>\r\n\r\n### Assessment\r\n"
"json": "# [Session Termination (AC-12)](https://docs.microsoft.com/azure/governance/policy/samples/nist-sp-800-53-r4?WT.mc_id=Portal-fx#session-termination)\r\n\r\nAutomatically terminate a user session after [Assignment: organization-defined conditions or trigger events requiring session disconnect].\r\n\r\n### Recommended Logs\r\n🔷 [AADUserRiskEvents](https://docs.microsoft.com/azure/azure-monitor/reference/tables/aaduserriskevents) ✳️ [](https://azure.microsoft.com/services/active-directory/)<br>\r\n\r\n### Implementation\r\n💡 [Conditional Access: Sign-in risk-based Conditional Access](https://docs.microsoft.com/azure/active-directory/conditional-access/howto-conditional-access-policy-risk)<br>\r\n💡 [Conditional Access: User risk-based Conditional Access](https://docs.microsoft.com/azure/active-directory/conditional-access/howto-conditional-access-policy-risk-user)<br>\r\n💡 [Continuous access evaluation](https://docs.microsoft.com/azure/active-directory/conditional-access/concept-continuous-access-evaluation)<br>\r\n💡 [Account lockout threshold](https://docs.microsoft.com/windows/security/threat-protection/security-policy-settings/account-lockout-threshold)<br>\r\n💡 [Protecting your organization against password spray attacks](https://www.microsoft.com/security/blog/2020/04/23/protecting-organization-password-spray-attacks/)<br>\r\n💡 [Protect user accounts from attacks with Microsoft Entra ID smart lockout](https://docs.microsoft.com/azure/active-directory/authentication/howto-password-smart-lockout)<br>\r\n💡 [AD FS Extranet Lockout and Extranet Smart Lockout](https://docs.microsoft.com/windows-server/identity/ad-fs/operations/configure-ad-fs-extranet-smart-lockout-protection)<br>\r\n\r\n### Microsoft Portals\r\n🔀 [Microsoft Entra ID: Risky Sign-Ins](https://portal.azure.com/#blade/Microsoft_AAD_IAM/RiskySignInsBlade) <br>\r\n\r\n### NIST SP 800-53 
Guidance\r\n[AC-12](https://csrc.nist.gov/Projects/risk-management/sp800-53-controls/release-search#/control?version=5.1&number=AC-12)<br>\r\n\r\n### Assessment\r\n"
},
"name": "text - 2"
},
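Review bot: In the "Recommended Logs" line of the new AC-12 text, the product link has lost its label: `✳️ [](https://azure.microsoft.com/services/active-directory/)`. The old line read `[Azure Active Directory]`, so the rename deleted the text here instead of replacing it, and the workbook will render an empty link. Set the label to `[Microsoft Entra ID]`, as the AC-7 and AC-17 hunks do for the same link.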
@ -4662,7 +4662,7 @@
{
"type": 1,
"content": {
"json": "# [Security Attributes (AC-16)](https://docs.microsoft.com/azure/governance/policy/samples/nist-sp-800-53-r4?WT.mc_id=Portal-fx#security-attributes)\r\n\r\n\ta.Provide the means to associate [Assignment: organization-defined types of security and privacy attributes] with [Assignment: organization-defined security and privacy attribute values] for information in storage, in process, and/or in transmission;\r\n\tb.Ensure that the attribute associations are made and retained with the information;\r\n\tc.Establish the following permitted security and privacy attributes from the attributes defined in AC-16a for [Assignment: organization-defined systems]: [Assignment: organization-defined security and privacy attributes];\r\n\td.Determine the following permitted attribute values or ranges for each of the established attributes: [Assignment: organization-defined attribute values or ranges for established attributes];\r\n\te.Audit changes to attributes; and\r\n\tf.Review [Assignment: organization-defined security and privacy attributes] for applicability [Assignment: organization-defined frequency].\r\n\r\n### Recommended Logs\r\n🔷 [InformationProtectionEvents](https://docs.microsoft.com/azure/information-protection/audit-logs) ✳️ [Azure Information Protection](https://azure.microsoft.com/services/information-protection/)<br>\r\n\r\n### Implementation\r\n💡 [What is Azure attribute-based access control (Azure ABAC)?](https://docs.microsoft.com/azure/role-based-access-control/conditions-overview)<br>\r\n💡 [Azure role assignment conditions](https://docs.microsoft.com/azure/storage/common/storage-auth-abac-examples)<br>\r\n💡 [Apply a sensitivity label to content automatically](https://docs.microsoft.com/microsoft-365/compliance/apply-sensitivity-label-automatically?)<br>\r\n\r\n### Microsoft Portals\r\n🔀 [Azure AD: Custom Security attributes](https://portal.azure.com/#blade/Microsoft_AAD_IAM/ActiveDirectoryMenuBlade/CustomAttributesCatalog)<br>\r\n🔀 [Azure Information 
Protection: Labels](https://portal.azure.com/#blade/Microsoft_Azure_InformationProtection/DataClassGroupEditBlade/globalBlade)<br>\r\n\r\n### NIST SP 800-53 Guidance\r\n[AC-16](https://csrc.nist.gov/Projects/risk-management/sp800-53-controls/release-search#/control?version=5.1&number=AC-16)<br>\r\n\r\n### Assessment\r\n"
"json": "# [Security Attributes (AC-16)](https://docs.microsoft.com/azure/governance/policy/samples/nist-sp-800-53-r4?WT.mc_id=Portal-fx#security-attributes)\r\n\r\n\ta.Provide the means to associate [Assignment: organization-defined types of security and privacy attributes] with [Assignment: organization-defined security and privacy attribute values] for information in storage, in process, and/or in transmission;\r\n\tb.Ensure that the attribute associations are made and retained with the information;\r\n\tc.Establish the following permitted security and privacy attributes from the attributes defined in AC-16a for [Assignment: organization-defined systems]: [Assignment: organization-defined security and privacy attributes];\r\n\td.Determine the following permitted attribute values or ranges for each of the established attributes: [Assignment: organization-defined attribute values or ranges for established attributes];\r\n\te.Audit changes to attributes; and\r\n\tf.Review [Assignment: organization-defined security and privacy attributes] for applicability [Assignment: organization-defined frequency].\r\n\r\n### Recommended Logs\r\n🔷 [InformationProtectionEvents](https://docs.microsoft.com/azure/information-protection/audit-logs) ✳️ [Azure Information Protection](https://azure.microsoft.com/services/information-protection/)<br>\r\n\r\n### Implementation\r\n💡 [What is Azure attribute-based access control (Azure ABAC)?](https://docs.microsoft.com/azure/role-based-access-control/conditions-overview)<br>\r\n💡 [Azure role assignment conditions](https://docs.microsoft.com/azure/storage/common/storage-auth-abac-examples)<br>\r\n💡 [Apply a sensitivity label to content automatically](https://docs.microsoft.com/microsoft-365/compliance/apply-sensitivity-label-automatically?)<br>\r\n\r\n### Microsoft Portals\r\n🔀 [Microsoft Entra ID: Custom Security attributes](https://portal.azure.com/#blade/Microsoft_AAD_IAM/ActiveDirectoryMenuBlade/CustomAttributesCatalog)<br>\r\n🔀 [Azure 
Information Protection: Labels](https://portal.azure.com/#blade/Microsoft_Azure_InformationProtection/DataClassGroupEditBlade/globalBlade)<br>\r\n\r\n### NIST SP 800-53 Guidance\r\n[AC-16](https://csrc.nist.gov/Projects/risk-management/sp800-53-controls/release-search#/control?version=5.1&number=AC-16)<br>\r\n\r\n### Assessment\r\n"
},
"name": "text - 2"
},
@ -5051,7 +5051,7 @@
{
"type": 1,
"content": {
"json": "# [Remote Access (AC-17)](https://docs.microsoft.com/azure/governance/policy/samples/nist-sp-800-53-r4?WT.mc_id=Portal-fx#security-attributes)\r\n\r\n\ta.Establish and document usage restrictions, configuration/connection requirements, and implementation guidance for each type of remote access allowed; and\r\n\tb.Authorize each type of remote access to the system prior to allowing such connections.\r\n\r\n### Recommended Logs\r\n🔷 [SecurityRegulatoryCompliance](https://docs.microsoft.com/azure/azure-monitor/reference/tables/securityregulatorycompliance) ✳️ [Microsoft Defender for Cloud](https://azure.microsoft.com/services/security-center/)<br> \r\n🔷 [SigninLogs](https://docs.microsoft.com/azure/azure-monitor/reference/tables/signinlogs) ✳️ [Azure Active Directory](https://azure.microsoft.com/services/active-directory/)<br>\r\n🔷 [resources](https://docs.microsoft.com/azure/governance/resource-graph/overview) ✳️ [Azure Front Door](https://azure.microsoft.com/services/frontdoor/)\r\n✳ [Azure ExpressRoute](https://azure.microsoft.com/services/expressroute/) ✳️ [Azure Bastion](https://azure.microsoft.com/services/azure-bastion/) ✳️ [VPN Gateway](https://azure.microsoft.com/services/vpn-gateway/) ✳️ [Azure Web Application Firewall](https://azure.microsoft.com/services/web-application-firewall/)<br>\r\n\r\n### Implementation\r\n💡 [What is Azure Bastion?](https://docs.microsoft.com/azure/bastion/bastion-overview)<br>\r\n💡 [Create a bastion host](https://docs.microsoft.com/azure/bastion/tutorial-create-host-portal#createhost)<br>\r\n💡 [Network access control (NAC) integration with Intune](https://docs.microsoft.com/mem/intune/protect/network-access-control-integrate)<br>\r\n💡 [Create a Conditional Access policy](https://docs.microsoft.com/azure/active-directory/authentication/tutorial-enable-azure-mfa#create-a-conditional-access-policy)<br>\r\n💡 [What is Azure ExpressRoute?](https://docs.microsoft.com/azure/expressroute/expressroute-introduction)<br>\r\n💡 
[Configuring a VPN Gateway](https://docs.microsoft.com/azure/vpn-gateway/vpn-gateway-about-vpngateways#configuring)<br>\r\n💡 [Using the location condition in a Conditional Access policy](https://docs.microsoft.com/azure/active-directory/conditional-access/location-condition)<br>\r\n💡 [Customize Web Application Firewall rules using the Azure portal](https://docs.microsoft.com/azure/web-application-firewall/ag/application-gateway-customize-waf-rules-portal)<br>\r\n💡 [What is Azure Front Door?](https://docs.microsoft.com/azure/frontdoor/front-door-overview)<br>\r\n### Microsoft Portals\r\n🔀 [Microsoft Defender for Cloud: Regulatory Compliance](https://portal.azure.com/#blade/Microsoft_Azure_Security/SecurityMenuBlade/22)<br>\r\n🔀 [Azure AD: Conditional Access - Named Locations](https://portal.azure.com/#blade/Microsoft_AAD_IAM/ConditionalAccessBlade/NamedLocations)<br>\r\n🔀 [Front Door](https://portal.azure.com/#blade/Microsoft_Azure_Network/LoadBalancingHubMenuBlade/frontdoors)<br>\r\n🔀 [Bastions](https://portal.azure.com/#blade/HubsExtension/BrowseResource/resourceType/Microsoft.Network%2FbastionHosts)<br>\r\n🔀 [ExpressRoute Circuits](https://portal.azure.com/#blade/HubsExtension/BrowseResource/resourceType/Microsoft.Network%2FexpressRouteCircuits)<br>\r\n🔀 [Web Application Firewall policies](https://portal.azure.com/#blade/HubsExtension/BrowseResource/resourceType/Microsoft.Network%2FFrontDoorWebApplicationFirewallPolicies)<br>\r\n🔀 [Microsoft Endpoint Manager Admin Center](https://endpoint.microsoft.com/#home)<br>\r\n\r\n### NIST SP 800-53 Guidance\r\n[AC-17](https://csrc.nist.gov/Projects/risk-management/sp800-53-controls/release-search#/control?version=5.1&number=AC-17)<br>\r\n\r\n### Assessment\r\n"
"json": "# [Remote Access (AC-17)](https://docs.microsoft.com/azure/governance/policy/samples/nist-sp-800-53-r4?WT.mc_id=Portal-fx#security-attributes)\r\n\r\n\ta.Establish and document usage restrictions, configuration/connection requirements, and implementation guidance for each type of remote access allowed; and\r\n\tb.Authorize each type of remote access to the system prior to allowing such connections.\r\n\r\n### Recommended Logs\r\n🔷 [SecurityRegulatoryCompliance](https://docs.microsoft.com/azure/azure-monitor/reference/tables/securityregulatorycompliance) ✳️ [Microsoft Defender for Cloud](https://azure.microsoft.com/services/security-center/)<br> \r\n🔷 [SigninLogs](https://docs.microsoft.com/azure/azure-monitor/reference/tables/signinlogs) ✳️ [Microsoft Entra ID](https://azure.microsoft.com/services/active-directory/)<br>\r\n🔷 [resources](https://docs.microsoft.com/azure/governance/resource-graph/overview) ✳️ [Azure Front Door](https://azure.microsoft.com/services/frontdoor/)\r\n✳ [Azure ExpressRoute](https://azure.microsoft.com/services/expressroute/) ✳️ [Azure Bastion](https://azure.microsoft.com/services/azure-bastion/) ✳️ [VPN Gateway](https://azure.microsoft.com/services/vpn-gateway/) ✳️ [Azure Web Application Firewall](https://azure.microsoft.com/services/web-application-firewall/)<br>\r\n\r\n### Implementation\r\n💡 [What is Azure Bastion?](https://docs.microsoft.com/azure/bastion/bastion-overview)<br>\r\n💡 [Create a bastion host](https://docs.microsoft.com/azure/bastion/tutorial-create-host-portal#createhost)<br>\r\n💡 [Network access control (NAC) integration with Intune](https://docs.microsoft.com/mem/intune/protect/network-access-control-integrate)<br>\r\n💡 [Create a Conditional Access policy](https://docs.microsoft.com/azure/active-directory/authentication/tutorial-enable-azure-mfa#create-a-conditional-access-policy)<br>\r\n💡 [What is Azure ExpressRoute?](https://docs.microsoft.com/azure/expressroute/expressroute-introduction)<br>\r\n💡 [Configuring 
a VPN Gateway](https://docs.microsoft.com/azure/vpn-gateway/vpn-gateway-about-vpngateways#configuring)<br>\r\n💡 [Using the location condition in a Conditional Access policy](https://docs.microsoft.com/azure/active-directory/conditional-access/location-condition)<br>\r\n💡 [Customize Web Application Firewall rules using the Azure portal](https://docs.microsoft.com/azure/web-application-firewall/ag/application-gateway-customize-waf-rules-portal)<br>\r\n💡 [What is Azure Front Door?](https://docs.microsoft.com/azure/frontdoor/front-door-overview)<br>\r\n### Microsoft Portals\r\n🔀 [Microsoft Defender for Cloud: Regulatory Compliance](https://portal.azure.com/#blade/Microsoft_Azure_Security/SecurityMenuBlade/22)<br>\r\n🔀 [Microsoft Entra ID: Conditional Access - Named Locations](https://portal.azure.com/#blade/Microsoft_AAD_IAM/ConditionalAccessBlade/NamedLocations)<br>\r\n🔀 [Front Door](https://portal.azure.com/#blade/Microsoft_Azure_Network/LoadBalancingHubMenuBlade/frontdoors)<br>\r\n🔀 [Bastions](https://portal.azure.com/#blade/HubsExtension/BrowseResource/resourceType/Microsoft.Network%2FbastionHosts)<br>\r\n🔀 [ExpressRoute Circuits](https://portal.azure.com/#blade/HubsExtension/BrowseResource/resourceType/Microsoft.Network%2FexpressRouteCircuits)<br>\r\n🔀 [Web Application Firewall policies](https://portal.azure.com/#blade/HubsExtension/BrowseResource/resourceType/Microsoft.Network%2FFrontDoorWebApplicationFirewallPolicies)<br>\r\n🔀 [Microsoft Endpoint Manager Admin Center](https://endpoint.microsoft.com/#home)<br>\r\n\r\n### NIST SP 800-53 Guidance\r\n[AC-17](https://csrc.nist.gov/Projects/risk-management/sp800-53-controls/release-search#/control?version=5.1&number=AC-17)<br>\r\n\r\n### Assessment\r\n"
},
"name": "text - 2"
},
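Review bot: The AC-17 heading link still ends in `#security-attributes`, the same fragment the AC-16 heading uses, so the "Remote Access (AC-17)" title sends readers to the Security Attributes section of the policy sample. Point it at the Remote Access section instead. In the same string, the `[Azure Front Door]` entry under "Recommended Logs" is the only one not followed by `<br>`, and `### Microsoft Portals` follows the last Implementation link with no blank line (`<br>\r\n### Microsoft Portals`), unlike the other panels, which use `<br>\r\n\r\n###`.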
@ -5315,7 +5315,7 @@
{
"type": 1,
"content": {
"json": "# [Wireless Access (AC-18)](https://docs.microsoft.com/azure/governance/policy/samples/nist-sp-800-53-r4?WT.mc_id=Portal-fx#wireless-access)\r\n\r\n\ta.Establish configuration requirements, connection requirements, and implementation guidance for each type of wireless access; and\r\n\tb.Authorize each type of wireless access to the system prior to allowing such connections.\r\n\r\n### Recommended Logs\r\n🔷 [SecurityBaselines](https://docs.microsoft.com/azure/azure-monitor/reference/tables/securitybaseline) ✳️ [Microsoft Defender for Cloud](https://azure.microsoft.com/services/security-center/)<br> \r\n\r\n### Implementation\r\n💡 [Microsoft Endpoint Manager overview](https://docs.microsoft.com/mem/endpoint-manager-overview)<br>\r\n💡 [Network access control (NAC) integration with Intune](https://docs.microsoft.com/mem/intune/protect/network-access-control-integrate)<br>\r\n💡 [What are common ways to use Conditional Access with Intune?](https://docs.microsoft.com/mem/intune/protect/conditional-access-intune-common-ways-use)<br>\r\n💡 [Add and use Wi-Fi settings on your devices in Microsoft Intune](https://docs.microsoft.com/mem/intune/configuration/wi-fi-settings-configure)<br>\r\n💡 [Add Wi-Fi settings for Windows 10 and newer devices in Intune](https://docs.microsoft.com/mem/intune/configuration/wi-fi-settings-windows)<br>\r\n💡 [Apply Azure security baselines to machines](https://docs.microsoft.com/azure/defender-for-cloud/apply-security-baseline)<br>\r\n\r\n### Microsoft Portals\r\n🔀 [Microsoft Endpoint Manager Admin Center](https://endpoint.microsoft.com/#home)<br>\r\n🔀 [Azure AD: Conditional Access](https://portal.azure.com/#blade/Microsoft_AAD_IAM/ConditionalAccessBlade/Policies)<br>\r\n🔀 [Microsoft Defender for Cloud: Recommendations](https://portal.azure.com/#blade/Microsoft_Azure_Security/SecurityMenuBlade/5)<br>\r\n\r\n### NIST SP 800-53 
Guidance\r\n[AC-18](https://csrc.nist.gov/Projects/risk-management/sp800-53-controls/release-search#/control?version=5.1&number=AC-18)<br>\r\n\r\n### Assessment\r\n"
"json": "# [Wireless Access (AC-18)](https://docs.microsoft.com/azure/governance/policy/samples/nist-sp-800-53-r4?WT.mc_id=Portal-fx#wireless-access)\r\n\r\n\ta.Establish configuration requirements, connection requirements, and implementation guidance for each type of wireless access; and\r\n\tb.Authorize each type of wireless access to the system prior to allowing such connections.\r\n\r\n### Recommended Logs\r\n🔷 [SecurityBaselines](https://docs.microsoft.com/azure/azure-monitor/reference/tables/securitybaseline) ✳️ [Microsoft Defender for Cloud](https://azure.microsoft.com/services/security-center/)<br> \r\n\r\n### Implementation\r\n💡 [Microsoft Endpoint Manager overview](https://docs.microsoft.com/mem/endpoint-manager-overview)<br>\r\n💡 [Network access control (NAC) integration with Intune](https://docs.microsoft.com/mem/intune/protect/network-access-control-integrate)<br>\r\n💡 [What are common ways to use Conditional Access with Intune?](https://docs.microsoft.com/mem/intune/protect/conditional-access-intune-common-ways-use)<br>\r\n💡 [Add and use Wi-Fi settings on your devices in Microsoft Intune](https://docs.microsoft.com/mem/intune/configuration/wi-fi-settings-configure)<br>\r\n💡 [Add Wi-Fi settings for Windows 10 and newer devices in Intune](https://docs.microsoft.com/mem/intune/configuration/wi-fi-settings-windows)<br>\r\n💡 [Apply Azure security baselines to machines](https://docs.microsoft.com/azure/defender-for-cloud/apply-security-baseline)<br>\r\n\r\n### Microsoft Portals\r\n🔀 [Microsoft Endpoint Manager Admin Center](https://endpoint.microsoft.com/#home)<br>\r\n🔀 [Microsoft Entra ID: Conditional Access](https://portal.azure.com/#blade/Microsoft_AAD_IAM/ConditionalAccessBlade/Policies)<br>\r\n🔀 [Microsoft Defender for Cloud: Recommendations](https://portal.azure.com/#blade/Microsoft_Azure_Security/SecurityMenuBlade/5)<br>\r\n\r\n### NIST SP 800-53 
Guidance\r\n[AC-18](https://csrc.nist.gov/Projects/risk-management/sp800-53-controls/release-search#/control?version=5.1&number=AC-18)<br>\r\n\r\n### Assessment\r\n"
},
"name": "text - 2"
},
@ -5487,7 +5487,7 @@
{
"type": 1,
"content": {
"json": "# [Access Control for Mobile Devices (AC-19)](https://docs.microsoft.com/azure/governance/policy/samples/nist-sp-800-53-r4?WT.mc_id=Portal-fx#access-control-for-mobile-devices)\r\n\r\n\ta.Establish configuration requirements, connection requirements, and implementation guidance for organization-controlled mobile devices, to include when such devices are outside of controlled areas; and\r\n\tb.Authorize the connection of mobile devices to organizational systems.\r\n\r\n### Recommended Logs\r\n🔷 [SigninLogs](https://docs.microsoft.com/azure/azure-monitor/reference/tables/signinlogs) ✳️ [Azure Active Directory](https://azure.microsoft.com/services/active-directory/)<br>\r\n\r\n### Implementation\r\n💡 [App management capabilities by platform](https://docs.microsoft.com/mem/intune/apps/app-management#app-management-capabilities-by-platform)<br>\r\n💡 [Microsoft Intune protected apps](https://docs.microsoft.com/mem/intune/apps/apps-supported-intune-apps)<br>\r\n💡 [Network access control (NAC) integration with Intune](https://docs.microsoft.com/mem/intune/protect/network-access-control-integrate)<br>\r\n💡 [What are common ways to use Conditional Access with Intune?](https://docs.microsoft.com/mem/intune/protect/conditional-access-intune-common-ways-use)<br>\r\n💡 [How to create and assign app protection policies](https://docs.microsoft.com/mem/intune/apps/app-protection-policies)<br>\r\n💡 [Android app protection policy settings in Microsoft Intune](https://docs.microsoft.com/mem/intune/apps/app-protection-policy-settings-android)<br>\r\n💡 [iOS app protection policy settings](https://docs.microsoft.com/mem/intune/apps/app-protection-policy-settings-ios)<br>\r\n\r\n### Microsoft Portals\r\n🔀 [Azure Active Directory: Conditional Access](https://portal.azure.com/#blade/Microsoft_AAD_IAM/ConditionalAccessBlade/Policies)<br>\r\n🔀 [Microsoft Endpoint Manager Admin Center: 
Devices](https://endpoint.microsoft.com/#blade/Microsoft_Intune_DeviceSettings/DevicesMenu/overview)<br>\r\n\r\n### NIST SP 800-53 Guidance\r\n[AC-19](https://csrc.nist.gov/Projects/risk-management/sp800-53-controls/release-search#/control?version=5.1&number=AC-19)<br>\r\n\r\n### Assessment\r\n"
"json": "# [Access Control for Mobile Devices (AC-19)](https://docs.microsoft.com/azure/governance/policy/samples/nist-sp-800-53-r4?WT.mc_id=Portal-fx#access-control-for-mobile-devices)\r\n\r\n\ta.Establish configuration requirements, connection requirements, and implementation guidance for organization-controlled mobile devices, to include when such devices are outside of controlled areas; and\r\n\tb.Authorize the connection of mobile devices to organizational systems.\r\n\r\n### Recommended Logs\r\n🔷 [SigninLogs](https://docs.microsoft.com/azure/azure-monitor/reference/tables/signinlogs) ✳️ [Microsoft Entra ID](https://azure.microsoft.com/services/active-directory/)<br>\r\n\r\n### Implementation\r\n💡 [App management capabilities by platform](https://docs.microsoft.com/mem/intune/apps/app-management#app-management-capabilities-by-platform)<br>\r\n💡 [Microsoft Intune protected apps](https://docs.microsoft.com/mem/intune/apps/apps-supported-intune-apps)<br>\r\n💡 [Network access control (NAC) integration with Intune](https://docs.microsoft.com/mem/intune/protect/network-access-control-integrate)<br>\r\n💡 [What are common ways to use Conditional Access with Intune?](https://docs.microsoft.com/mem/intune/protect/conditional-access-intune-common-ways-use)<br>\r\n💡 [How to create and assign app protection policies](https://docs.microsoft.com/mem/intune/apps/app-protection-policies)<br>\r\n💡 [Android app protection policy settings in Microsoft Intune](https://docs.microsoft.com/mem/intune/apps/app-protection-policy-settings-android)<br>\r\n💡 [iOS app protection policy settings](https://docs.microsoft.com/mem/intune/apps/app-protection-policy-settings-ios)<br>\r\n\r\n### Microsoft Portals\r\n🔀 [Microsoft Entra ID: Conditional Access](https://portal.azure.com/#blade/Microsoft_AAD_IAM/ConditionalAccessBlade/Policies)<br>\r\n🔀 [Microsoft Endpoint Manager Admin Center: 
Devices](https://endpoint.microsoft.com/#blade/Microsoft_Intune_DeviceSettings/DevicesMenu/overview)<br>\r\n\r\n### NIST SP 800-53 Guidance\r\n[AC-19](https://csrc.nist.gov/Projects/risk-management/sp800-53-controls/release-search#/control?version=5.1&number=AC-19)<br>\r\n\r\n### Assessment\r\n"
},
"name": "text - 2"
},
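Review bot: The AC-19 panel string cites two different revisions of the standard: the heading links to the `nist-sp-800-53-r4` policy sample, while the Guidance link at the end of the same string requests `version=5.1`. Since this line is being touched anyway, state which revision the quoted control text (items a and b) is taken from and make the two links agree, so an assessor does not map the panel to the wrong baseline.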
@ -5676,7 +5676,7 @@
{
"type": 1,
"content": {
"json": "# [Use of External Information Systems (AC-20)](https://docs.microsoft.com/azure/governance/policy/samples/nist-sp-800-53-r4?WT.mc_id=Portal-fx#use-of-external-information-systems)\r\n\r\n\ta.[Selection (one or more): Establish [Assignment: organization-defined terms and conditions]; Identify [Assignment: organization-defined controls asserted to be implemented on external systems]], consistent with the trust relationships established with other organizations owning, operating, and/or maintaining external systems, allowing authorized individuals to:\r\n\t\t1.Access the system from external systems; and\r\n\t\t2.Process, store, or transmit organization-controlled information using external systems; or\r\n\tb.Prohibit the use of [Assignment: organizationally-defined types of external systems].\r\n\r\n### Recommended Logs\r\n🔷 [SecurityRegulatoryCompliance](https://docs.microsoft.com/azure/azure-monitor/reference/tables/securityregulatorycompliance) 🔷 [SecurityBaselines](https://docs.microsoft.com/azure/azure-monitor/reference/tables/securitybaseline) ✳️ [Microsoft Defender for Cloud](https://azure.microsoft.com/services/security-center/)<br> \r\n\r\n### Implementation\r\n💡 [Conditional Access: Block access by location](https://docs.microsoft.com/azure/active-directory/conditional-access/howto-conditional-access-policy-location)<br>\r\n💡 [Azure AD Conditional Access documentation](https://docs.microsoft.com/azure/active-directory/conditional-access/)<br>\r\n💡 [What is Conditional Access?](https://docs.microsoft.com/azure/active-directory/conditional-access/overview)<br>\r\n💡 [Microsoft Defender for Cloud Apps overview](https://docs.microsoft.com/defender-cloud-apps/what-is-defender-for-cloud-apps)<br>\r\n💡 [Apply Azure security baselines to machines](https://docs.microsoft.com/azure/defender-for-cloud/apply-security-baseline)<br>\r\n\r\n### Microsoft Portals\r\n🔀 [Microsoft Defender for Cloud: 
Recommendations](https://portal.azure.com/#blade/Microsoft_Azure_Security/SecurityMenuBlade/5)<br>\r\n🔀 [Azure AD: Conditional Access](https://portal.azure.com/#blade/Microsoft_AAD_IAM/ConditionalAccessBlade/Policies)<br>\r\n🔀 [Microsoft Defender for Cloud Apps](https://portal.cloudappsecurity.com/)<br>\r\n\r\n### NIST SP 800-53 Guidance\r\n[AC-20](https://csrc.nist.gov/Projects/risk-management/sp800-53-controls/release-search#/control?version=5.1&number=AC-20)<br>\r\n\r\n### Assessment\r\n"
"json": "# [Use of External Information Systems (AC-20)](https://docs.microsoft.com/azure/governance/policy/samples/nist-sp-800-53-r4?WT.mc_id=Portal-fx#use-of-external-information-systems)\r\n\r\n\ta.[Selection (one or more): Establish [Assignment: organization-defined terms and conditions]; Identify [Assignment: organization-defined controls asserted to be implemented on external systems]], consistent with the trust relationships established with other organizations owning, operating, and/or maintaining external systems, allowing authorized individuals to:\r\n\t\t1.Access the system from external systems; and\r\n\t\t2.Process, store, or transmit organization-controlled information using external systems; or\r\n\tb.Prohibit the use of [Assignment: organizationally-defined types of external systems].\r\n\r\n### Recommended Logs\r\n🔷 [SecurityRegulatoryCompliance](https://docs.microsoft.com/azure/azure-monitor/reference/tables/securityregulatorycompliance) 🔷 [SecurityBaselines](https://docs.microsoft.com/azure/azure-monitor/reference/tables/securitybaseline) ✳️ [Microsoft Defender for Cloud](https://azure.microsoft.com/services/security-center/)<br> \r\n\r\n### Implementation\r\n💡 [Conditional Access: Block access by location](https://docs.microsoft.com/azure/active-directory/conditional-access/howto-conditional-access-policy-location)<br>\r\n💡 [Microsoft Entra ID Conditional Access documentation](https://docs.microsoft.com/azure/active-directory/conditional-access/)<br>\r\n💡 [What is Conditional Access?](https://docs.microsoft.com/azure/active-directory/conditional-access/overview)<br>\r\n💡 [Microsoft Defender for Cloud Apps overview](https://docs.microsoft.com/defender-cloud-apps/what-is-defender-for-cloud-apps)<br>\r\n💡 [Apply Azure security baselines to machines](https://docs.microsoft.com/azure/defender-for-cloud/apply-security-baseline)<br>\r\n\r\n### Microsoft Portals\r\n🔀 [Microsoft Defender for Cloud: 
Recommendations](https://portal.azure.com/#blade/Microsoft_Azure_Security/SecurityMenuBlade/5)<br>\r\n🔀 [Microsoft Entra ID: Conditional Access](https://portal.azure.com/#blade/Microsoft_AAD_IAM/ConditionalAccessBlade/Policies)<br>\r\n🔀 [Microsoft Defender for Cloud Apps](https://portal.cloudappsecurity.com/)<br>\r\n\r\n### NIST SP 800-53 Guidance\r\n[AC-20](https://csrc.nist.gov/Projects/risk-management/sp800-53-controls/release-search#/control?version=5.1&number=AC-20)<br>\r\n\r\n### Assessment\r\n"
},
"name": "text - 2"
},
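Review bot: In the Recommended Logs part of the AC-20 string, the link label reads `SecurityBaselines` but its target is `.../reference/tables/securitybaseline` (singular). The rename pass leaves this untouched. An analyst who copies the label into a query will use the plural form, so align the label with the table name in the URL while the line is open.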
@ -7023,7 +7023,7 @@
{
"type": 1,
"content": {
"json": "# [Content of Audit Records (AU-3)](https://docs.microsoft.com/azure/governance/policy/samples/nist-sp-800-53-r4?WT.mc_id=Portal-fx#content-of-audit-records)\r\n\r\n\tEnsure that audit records contain information that establishes the following:\r\n\ta.What type of event occurred;\r\n\tb.When the event occurred;\r\n\tc.Where the event occurred;\r\n\td.Source of the event;\r\n\te.Outcome of the event; and\r\n\tf.Identity of any individuals, subjects, or objects/entities associated with the event.\r\n\r\n### Recommended Logs\r\n🔷 [Usage](https://docs.microsoft.com/azure/azure-monitor/reference/tables/usage) ✳️ [Azure Monitor](https://azure.microsoft.com/services/monitor/)<br> \r\n\r\n### Implementation\r\n💡 [Audit logs in Azure Active Directory](https://docs.microsoft.com/azure/active-directory/reports-monitoring/concept-audit-logs)<br>\r\n💡 [Connect Azure Active Directory (Azure AD) data to Microsoft Sentinel](https://docs.microsoft.com/azure/sentinel/connect-azure-active-directory)<br>\r\n\r\n### Microsoft Portals\r\n🔀 [Azure Active Directory](https://portal.azure.com/#blade/Microsoft_AAD_IAM/ActiveDirectoryMenuBlade/Overview)<br>\r\n\r\n### NIST SP 800-53 Guidance\r\n[AU-3](https://csrc.nist.gov/Projects/risk-management/sp800-53-controls/release-search#/control?version=5.1&number=AU-3)<br>\r\n\r\n### Assessment\r\n"
"json": "# [Content of Audit Records (AU-3)](https://docs.microsoft.com/azure/governance/policy/samples/nist-sp-800-53-r4?WT.mc_id=Portal-fx#content-of-audit-records)\r\n\r\n\tEnsure that audit records contain information that establishes the following:\r\n\ta.What type of event occurred;\r\n\tb.When the event occurred;\r\n\tc.Where the event occurred;\r\n\td.Source of the event;\r\n\te.Outcome of the event; and\r\n\tf.Identity of any individuals, subjects, or objects/entities associated with the event.\r\n\r\n### Recommended Logs\r\n🔷 [Usage](https://docs.microsoft.com/azure/azure-monitor/reference/tables/usage) ✳️ [Azure Monitor](https://azure.microsoft.com/services/monitor/)<br> \r\n\r\n### Implementation\r\n💡 [Audit logs in Microsoft Entra ID](https://docs.microsoft.com/azure/active-directory/reports-monitoring/concept-audit-logs)<br>\r\n💡 [Connect Microsoft Entra ID data to Microsoft Sentinel](https://docs.microsoft.com/azure/sentinel/connect-azure-active-directory)<br>\r\n\r\n### Microsoft Portals\r\n🔀 [Microsoft Entra ID](https://portal.azure.com/#blade/Microsoft_AAD_IAM/ActiveDirectoryMenuBlade/Overview)<br>\r\n\r\n### NIST SP 800-53 Guidance\r\n[AU-3](https://csrc.nist.gov/Projects/risk-management/sp800-53-controls/release-search#/control?version=5.1&number=AU-3)<br>\r\n\r\n### Assessment\r\n"
},
"name": "text - 2"
},
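Review bot: Only the link labels change in the AU-3 Implementation list; the targets still end in `/azure/active-directory/reports-monitoring/concept-audit-logs` and `/azure/sentinel/connect-azure-active-directory`. Confirm both docs.microsoft.com paths still resolve after the product rename, or update them in this commit, because a new label over a stale target hides a broken link from anyone skimming the workbook.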
@ -7544,7 +7544,7 @@
{
"type": 1,
"content": {
"json": "# [Audit Review, Analysis, and Reporting (AU-6)](https://docs.microsoft.com/azure/governance/policy/samples/nist-sp-800-53-r4?WT.mc_id=Portal-fx#audit-review-analysis-and-reporting)\r\n\r\n\ta.Review and analyze system audit records [Assignment: organization-defined frequency] for indications of [Assignment: organization-defined inappropriate or unusual activity] and the potential impact of the inappropriate or unusual activity;\r\n\tb.Report findings to [Assignment: organization-defined personnel or roles]; and\r\n\tc.Adjust the level of audit record review, analysis, and reporting within the system when there is a change in risk based on law enforcement information, intelligence information, or other credible sources of information.\r\n\r\n### Recommended Logs\r\n🔷 [SecurityRegulatoryCompliance](https://docs.microsoft.com/azure/azure-monitor/reference/tables/securityregulatorycompliance) ✳️ [Microsoft Defender for Cloud](https://azure.microsoft.com/services/security-center/)<br> \r\n\r\n### Implementation\r\n💡 [Connect Azure Active Directory (Azure AD) data to Microsoft Sentinel](https://docs.microsoft.com/azure/sentinel/connect-azure-active-directory)<br>\r\n💡 [Use Azure Monitor workbooks to visualize and monitor your data](https://docs.microsoft.com/azure/sentinel/monitor-your-data)<br>\r\n💡 [Create new workbook](https://docs.microsoft.com/azure/sentinel/monitor-your-data#create-new-workbook)<br>\r\n💡 [Microsoft Sentinel data connectors](https://docs.microsoft.com/azure/sentinel/connect-data-sources)<br>\r\n💡 [Turn auditing on or off](https://docs.microsoft.com/microsoft-365/compliance/turn-audit-log-search-on-or-off?#turn-on-audit-log-search)<br>\r\n💡 [Security & Compliance Center](https://docs.microsoft.com/office365/servicedescriptions/office-365-platform-service-description/office-365-securitycompliance-center)<br>\r\n💡 [Audited 
activities](https://docs.microsoft.com/microsoft-365/compliance/search-the-audit-log-in-security-and-compliance?#audited-activities)<br>\r\n💡 [Use audit logs to track and monitor events in Microsoft Intune](https://docs.microsoft.com/mem/intune/fundamentals/monitor-audit-logs)<br>\r\n\r\n### Microsoft Portals\r\n🔀 [Microsoft Defender for Cloud: Regulatory Compliance](https://portal.azure.com/#blade/Microsoft_Azure_Security/SecurityMenuBlade/22)<br>\r\n🔀 [Microsoft Endpoint Manager Admin Center](https://endpoint.microsoft.com/#home)<br>\r\n🔀 [Microsoft 365 Compliance Manager](https://compliance.microsoft.com/homepage)<br>\r\n🔀 [Azure Active Directory](https://portal.azure.com/#blade/Microsoft_AAD_IAM/ActiveDirectoryMenuBlade/Overview)<br>\r\n🔀 [Azure Monitor](https://portal.azure.com/#blade/Microsoft_Azure_Monitoring/AzureMonitoringBrowseBlade/overview)<br>\r\n\r\n\r\n### NIST SP 800-53 Guidance\r\n[AU-6](https://csrc.nist.gov/Projects/risk-management/sp800-53-controls/release-search#/control?version=5.1&number=AU-6)<br>\r\n\r\n### Assessment\r\n"
"json": "# [Audit Review, Analysis, and Reporting (AU-6)](https://docs.microsoft.com/azure/governance/policy/samples/nist-sp-800-53-r4?WT.mc_id=Portal-fx#audit-review-analysis-and-reporting)\r\n\r\n\ta.Review and analyze system audit records [Assignment: organization-defined frequency] for indications of [Assignment: organization-defined inappropriate or unusual activity] and the potential impact of the inappropriate or unusual activity;\r\n\tb.Report findings to [Assignment: organization-defined personnel or roles]; and\r\n\tc.Adjust the level of audit record review, analysis, and reporting within the system when there is a change in risk based on law enforcement information, intelligence information, or other credible sources of information.\r\n\r\n### Recommended Logs\r\n🔷 [SecurityRegulatoryCompliance](https://docs.microsoft.com/azure/azure-monitor/reference/tables/securityregulatorycompliance) ✳️ [Microsoft Defender for Cloud](https://azure.microsoft.com/services/security-center/)<br> \r\n\r\n### Implementation\r\n💡 [Connect Microsoft Entra ID data to Microsoft Sentinel](https://docs.microsoft.com/azure/sentinel/connect-azure-active-directory)<br>\r\n💡 [Use Azure Monitor workbooks to visualize and monitor your data](https://docs.microsoft.com/azure/sentinel/monitor-your-data)<br>\r\n💡 [Create new workbook](https://docs.microsoft.com/azure/sentinel/monitor-your-data#create-new-workbook)<br>\r\n💡 [Microsoft Sentinel data connectors](https://docs.microsoft.com/azure/sentinel/connect-data-sources)<br>\r\n💡 [Turn auditing on or off](https://docs.microsoft.com/microsoft-365/compliance/turn-audit-log-search-on-or-off?#turn-on-audit-log-search)<br>\r\n💡 [Security & Compliance Center](https://docs.microsoft.com/office365/servicedescriptions/office-365-platform-service-description/office-365-securitycompliance-center)<br>\r\n💡 [Audited 
activities](https://docs.microsoft.com/microsoft-365/compliance/search-the-audit-log-in-security-and-compliance?#audited-activities)<br>\r\n💡 [Use audit logs to track and monitor events in Microsoft Intune](https://docs.microsoft.com/mem/intune/fundamentals/monitor-audit-logs)<br>\r\n\r\n### Microsoft Portals\r\n🔀 [Microsoft Defender for Cloud: Regulatory Compliance](https://portal.azure.com/#blade/Microsoft_Azure_Security/SecurityMenuBlade/22)<br>\r\n🔀 [Microsoft Endpoint Manager Admin Center](https://endpoint.microsoft.com/#home)<br>\r\n🔀 [Microsoft 365 Compliance Manager](https://compliance.microsoft.com/homepage)<br>\r\n🔀 [Microsoft Entra ID](https://portal.azure.com/#blade/Microsoft_AAD_IAM/ActiveDirectoryMenuBlade/Overview)<br>\r\n🔀 [Azure Monitor](https://portal.azure.com/#blade/Microsoft_Azure_Monitoring/AzureMonitoringBrowseBlade/overview)<br>\r\n\r\n\r\n### NIST SP 800-53 Guidance\r\n[AU-6](https://csrc.nist.gov/Projects/risk-management/sp800-53-controls/release-search#/control?version=5.1&number=AU-6)<br>\r\n\r\n### Assessment\r\n"
},
"name": "text - 2"
},
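Review bot: Two Implementation URLs in the AU-6 string carry an empty query before the fragment, `turn-audit-log-search-on-or-off?#turn-on-audit-log-search` and `search-the-audit-log-in-security-and-compliance?#audited-activities`; drop the stray `?`. The same string also has three `\r\n` in a row before `### NIST SP 800-53 Guidance`, where the other panels in this diff use two.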
@ -7770,7 +7770,7 @@
{
"type": 1,
"content": {
"json": "# [Audit Reduction and Report Generation (AU-7)](https://docs.microsoft.com/azure/governance/policy/samples/nist-sp-800-53-r4?WT.mc_id=Portal-fx#audit-reduction-and-report-generation)\r\n\r\n\tProvide and implement an audit record reduction and report generation capability that:\r\n\ta.Supports on-demand audit record review, analysis, and reporting requirements and after-the-fact investigations of incidents; and\r\n\tb.Does not alter the original content or time ordering of audit records.\r\n\r\n### Recommended Logs\r\n🔷 [SecurityIncident](https://docs.microsoft.com/azure/azure-monitor/reference/tables/securityincident) ✳️ [Microsoft Sentinel](https://azure.microsoft.com/services/azure-sentinel/) <br> \r\n\r\n### Implementation\r\n💡 [Investigate incidents with Microsoft Sentinel](https://docs.microsoft.com/azure/sentinel/investigate-cases)<br>\r\n💡 [Audit logs in Azure Active Directory](https://docs.microsoft.com/azure/active-directory/reports-monitoring/concept-audit-logs)<br>\r\n💡 [Azure security logging and auditing](https://docs.microsoft.com/azure/security/fundamentals/log-audit)<br>\r\n\r\n### Microsoft Portals\r\n🔀 [Microsoft Sentinel](https://portal.azure.com/#blade/HubsExtension/BrowseResource/resourceType/microsoft.securityinsightsarg%2Fsentinel)<br>\r\n\r\n### NIST SP 800-53 Guidance\r\n[AU-7](https://csrc.nist.gov/Projects/risk-management/sp800-53-controls/release-search#/control?version=5.1&number=AU-7)<br>\r\n\r\n### Assessment\r\n"
"json": "# [Audit Reduction and Report Generation (AU-7)](https://docs.microsoft.com/azure/governance/policy/samples/nist-sp-800-53-r4?WT.mc_id=Portal-fx#audit-reduction-and-report-generation)\r\n\r\n\tProvide and implement an audit record reduction and report generation capability that:\r\n\ta.Supports on-demand audit record review, analysis, and reporting requirements and after-the-fact investigations of incidents; and\r\n\tb.Does not alter the original content or time ordering of audit records.\r\n\r\n### Recommended Logs\r\n🔷 [SecurityIncident](https://docs.microsoft.com/azure/azure-monitor/reference/tables/securityincident) ✳️ [Microsoft Sentinel](https://azure.microsoft.com/services/azure-sentinel/) <br> \r\n\r\n### Implementation\r\n💡 [Investigate incidents with Microsoft Sentinel](https://docs.microsoft.com/azure/sentinel/investigate-cases)<br>\r\n💡 [Audit logs in Microsoft Entra ID](https://docs.microsoft.com/azure/active-directory/reports-monitoring/concept-audit-logs)<br>\r\n💡 [Azure security logging and auditing](https://docs.microsoft.com/azure/security/fundamentals/log-audit)<br>\r\n\r\n### Microsoft Portals\r\n🔀 [Microsoft Sentinel](https://portal.azure.com/#blade/HubsExtension/BrowseResource/resourceType/microsoft.securityinsightsarg%2Fsentinel)<br>\r\n\r\n### NIST SP 800-53 Guidance\r\n[AU-7](https://csrc.nist.gov/Projects/risk-management/sp800-53-controls/release-search#/control?version=5.1&number=AU-7)<br>\r\n\r\n### Assessment\r\n"
},
"name": "text - 2"
},
@ -8211,7 +8211,7 @@
{
"type": 1,
"content": {
"json": "# [Protection of Audit Information (AU-9)](https://docs.microsoft.com/azure/governance/policy/samples/nist-sp-800-53-r4?WT.mc_id=Portal-fx#protection-of-audit-information)\r\n\r\n\ta.Protect audit information and audit logging tools from unauthorized access, modification, and deletion; and\r\n\tb.Alert [Assignment: organization-defined personnel or roles] upon detection of unauthorized access, modification, or deletion of audit information.\r\n\r\n### Recommended Logs\r\n🔷 [SigninLogs](https://docs.microsoft.com/azure/azure-monitor/reference/tables/signinlogs) ✳️ [Azure Active Directory](https://azure.microsoft.com/services/active-directory/)<br>\r\n🔷 [IdentityInfo](https://docs.microsoft.com/azure/azure-monitor/reference/tables/identityinfo) 🔷 [AzureActivity](https://docs.microsoft.com/azure/azure-monitor/reference/tables/azureactivity) ✳️ [Microsoft Sentinel](https://azure.microsoft.com/services/azure-sentinel/) <br> \r\n🔷 [SecurityBaselines](https://docs.microsoft.com/azure/azure-monitor/reference/tables/securitybaseline) ✳️ [Microsoft Defender for Cloud](https://azure.microsoft.com/services/security-center/)<br> \r\n\r\n### Implementation\r\n💡 [Audit logging overview](https://docs.microsoft.com/compliance/assurance/assurance-audit-logging)<br>\r\n💡 [Audit logs for Azure Attestation](https://docs.microsoft.com/azure/attestation/audit-logs)<br>\r\n💡 [Permissions in Microsoft Sentinel](https://docs.microsoft.com/azure/sentinel/roles)<br>\r\n💡 [Set up Microsoft Sentinel customer-managed key](https://docs.microsoft.com/azure/sentinel/customer-managed-keys)<br>\r\n💡 [Search the audit log in the compliance center](https://docs.microsoft.com/microsoft-365/compliance/search-the-audit-log-in-security-and-compliance)<br>\r\n\r\n### Microsoft Portals\r\n🔀 [Microsoft Sentinel](https://portal.azure.com/#blade/HubsExtension/BrowseResource/resourceType/microsoft.securityinsightsarg%2Fsentinel)<br>\r\n🔀 [Azure 
Monitor](https://portal.azure.com/#blade/Microsoft_Azure_Monitoring/AzureMonitoringBrowseBlade/overview)<br>\r\n🔀 [Microsoft Defender for Cloud](https://portal.azure.com/#blade/Microsoft_Azure_Security/SecurityMenuBlade/0)<br>\r\n🔀 [Azure Active Directory](https://portal.azure.com/#blade/Microsoft_AAD_IAM/ActiveDirectoryMenuBlade/Overview)<br>\r\n🔀 [Key Vault](https://portal.azure.com/#blade/HubsExtension/BrowseResource/resourceType/Microsoft.KeyVault%2Fvaults)<br>\r\n🔀 [Microsoft 365 Compliance Manager: Audit](https://compliance.microsoft.com/auditlogsearch?viewid=Test%20Tab)<br>\r\n\r\n### NIST SP 800-53 Guidance\r\n[AU-9](https://csrc.nist.gov/Projects/risk-management/sp800-53-controls/release-search#/control?version=5.1&number=AU-9)<br>\r\n\r\n### Assessment\r\n"
"json": "# [Protection of Audit Information (AU-9)](https://docs.microsoft.com/azure/governance/policy/samples/nist-sp-800-53-r4?WT.mc_id=Portal-fx#protection-of-audit-information)\r\n\r\n\ta.Protect audit information and audit logging tools from unauthorized access, modification, and deletion; and\r\n\tb.Alert [Assignment: organization-defined personnel or roles] upon detection of unauthorized access, modification, or deletion of audit information.\r\n\r\n### Recommended Logs\r\n🔷 [SigninLogs](https://docs.microsoft.com/azure/azure-monitor/reference/tables/signinlogs) ✳️ [Microsoft Entra ID](https://azure.microsoft.com/services/active-directory/)<br>\r\n🔷 [IdentityInfo](https://docs.microsoft.com/azure/azure-monitor/reference/tables/identityinfo) 🔷 [AzureActivity](https://docs.microsoft.com/azure/azure-monitor/reference/tables/azureactivity) ✳️ [Microsoft Sentinel](https://azure.microsoft.com/services/azure-sentinel/) <br> \r\n🔷 [SecurityBaselines](https://docs.microsoft.com/azure/azure-monitor/reference/tables/securitybaseline) ✳️ [Microsoft Defender for Cloud](https://azure.microsoft.com/services/security-center/)<br> \r\n\r\n### Implementation\r\n💡 [Audit logging overview](https://docs.microsoft.com/compliance/assurance/assurance-audit-logging)<br>\r\n💡 [Audit logs for Azure Attestation](https://docs.microsoft.com/azure/attestation/audit-logs)<br>\r\n💡 [Permissions in Microsoft Sentinel](https://docs.microsoft.com/azure/sentinel/roles)<br>\r\n💡 [Set up Microsoft Sentinel customer-managed key](https://docs.microsoft.com/azure/sentinel/customer-managed-keys)<br>\r\n💡 [Search the audit log in the compliance center](https://docs.microsoft.com/microsoft-365/compliance/search-the-audit-log-in-security-and-compliance)<br>\r\n\r\n### Microsoft Portals\r\n🔀 [Microsoft Sentinel](https://portal.azure.com/#blade/HubsExtension/BrowseResource/resourceType/microsoft.securityinsightsarg%2Fsentinel)<br>\r\n🔀 [Azure 
Monitor](https://portal.azure.com/#blade/Microsoft_Azure_Monitoring/AzureMonitoringBrowseBlade/overview)<br>\r\n🔀 [Microsoft Defender for Cloud](https://portal.azure.com/#blade/Microsoft_Azure_Security/SecurityMenuBlade/0)<br>\r\n🔀 [Microsoft Entra ID](https://portal.azure.com/#blade/Microsoft_AAD_IAM/ActiveDirectoryMenuBlade/Overview)<br>\r\n🔀 [Key Vault](https://portal.azure.com/#blade/HubsExtension/BrowseResource/resourceType/Microsoft.KeyVault%2Fvaults)<br>\r\n🔀 [Microsoft 365 Compliance Manager: Audit](https://compliance.microsoft.com/auditlogsearch?viewid=Test%20Tab)<br>\r\n\r\n### NIST SP 800-53 Guidance\r\n[AU-9](https://csrc.nist.gov/Projects/risk-management/sp800-53-controls/release-search#/control?version=5.1&number=AU-9)<br>\r\n\r\n### Assessment\r\n"
},
"name": "text - 2"
},
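Review bot: The last Microsoft Portals entry in the AU-9 string points to `https://compliance.microsoft.com/auditlogsearch?viewid=Test%20Tab`. A `viewid` of "Test Tab" looks like a leftover from someone's own portal session rather than a stable deep link. Replace it with the plain audit search URL or a documented view, since this panel is where reviewers go to check audit-log protection.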
@ -8809,7 +8809,7 @@
{
"type": 1,
"content": {
"json": "# [Audit Generation (AU-12)](https://docs.microsoft.com/azure/governance/policy/samples/nist-sp-800-53-r4?WT.mc_id=Portal-fx#audit-record-retention)\r\n\r\n\ta.Provide audit record generation capability for the event types the system is capable of auditing as defined in AU-2a on [Assignment: organization-defined system components];\r\n\tb.Allow [Assignment: organization-defined personnel or roles] to select the event types that are to be logged by specific components of the system; and\r\n\tc.Generate audit records for the event types defined in AU-2c that include the audit record content defined in AU-3.\r\n\r\n### Recommended Logs\r\n🔷 [SecurityRegulatoryCompliance](https://docs.microsoft.com/azure/azure-monitor/reference/tables/securityregulatorycompliance) ✳️ [Microsoft Defender for Cloud](https://azure.microsoft.com/services/security-center/)<br> \r\n\r\n### Implementation\r\n💡 [Connect Azure Active Directory (Azure AD) data to Microsoft Sentinel](https://docs.microsoft.com/azure/sentinel/connect-azure-active-directory)<br>\r\n💡 [Use Azure Monitor workbooks to visualize and monitor your data](https://docs.microsoft.com/azure/sentinel/monitor-your-data)<br>\r\n💡 [Create new workbook](https://docs.microsoft.com/azure/sentinel/monitor-your-data#create-new-workbook)<br>\r\n💡 [Microsoft Sentinel data connectors](https://docs.microsoft.com/azure/sentinel/connect-data-sources)<br>\r\n💡 [Turn auditing on or off](https://docs.microsoft.com/microsoft-365/compliance/turn-audit-log-search-on-or-off?#turn-on-audit-log-search)<br>\r\n💡 [Security & Compliance Center](https://docs.microsoft.com/office365/servicedescriptions/office-365-platform-service-description/office-365-securitycompliance-center)<br>\r\n💡 [Audited activities](https://docs.microsoft.com/microsoft-365/compliance/search-the-audit-log-in-security-and-compliance?#audited-activities)<br>\r\n💡 [Use audit logs to track and monitor events in Microsoft 
Intune](https://docs.microsoft.com/mem/intune/fundamentals/monitor-audit-logs)<br>\r\n\r\n### Microsoft Portals\r\n🔀 [Microsoft Defender for Cloud: Regulatory Compliance](https://portal.azure.com/#blade/Microsoft_Azure_Security/SecurityMenuBlade/22)<br>\r\n🔀 [Microsoft Endpoint Manager Admin Center](https://endpoint.microsoft.com/#home)<br>\r\n🔀 [Microsoft 365 Compliance Manager](https://compliance.microsoft.com/homepage)<br>\r\n🔀 [Azure Active Directory](https://portal.azure.com/#blade/Microsoft_AAD_IAM/ActiveDirectoryMenuBlade/Overview)<br>\r\n🔀 [Azure Monitor](https://portal.azure.com/#blade/Microsoft_Azure_Monitoring/AzureMonitoringBrowseBlade/overview)<br>\r\n\r\n### NIST SP 800-53 Guidance\r\n[AU-12](https://csrc.nist.gov/Projects/risk-management/sp800-53-controls/release-search#/control?version=5.1&number=AU-12)<br>\r\n\r\n### Assessment\r\n"
"json": "# [Audit Generation (AU-12)](https://docs.microsoft.com/azure/governance/policy/samples/nist-sp-800-53-r4?WT.mc_id=Portal-fx#audit-record-retention)\r\n\r\n\ta.Provide audit record generation capability for the event types the system is capable of auditing as defined in AU-2a on [Assignment: organization-defined system components];\r\n\tb.Allow [Assignment: organization-defined personnel or roles] to select the event types that are to be logged by specific components of the system; and\r\n\tc.Generate audit records for the event types defined in AU-2c that include the audit record content defined in AU-3.\r\n\r\n### Recommended Logs\r\n🔷 [SecurityRegulatoryCompliance](https://docs.microsoft.com/azure/azure-monitor/reference/tables/securityregulatorycompliance) ✳️ [Microsoft Defender for Cloud](https://azure.microsoft.com/services/security-center/)<br> \r\n\r\n### Implementation\r\n💡 [Connect Microsoft Entra ID data to Microsoft Sentinel](https://docs.microsoft.com/azure/sentinel/connect-azure-active-directory)<br>\r\n💡 [Use Azure Monitor workbooks to visualize and monitor your data](https://docs.microsoft.com/azure/sentinel/monitor-your-data)<br>\r\n💡 [Create new workbook](https://docs.microsoft.com/azure/sentinel/monitor-your-data#create-new-workbook)<br>\r\n💡 [Microsoft Sentinel data connectors](https://docs.microsoft.com/azure/sentinel/connect-data-sources)<br>\r\n💡 [Turn auditing on or off](https://docs.microsoft.com/microsoft-365/compliance/turn-audit-log-search-on-or-off?#turn-on-audit-log-search)<br>\r\n💡 [Security & Compliance Center](https://docs.microsoft.com/office365/servicedescriptions/office-365-platform-service-description/office-365-securitycompliance-center)<br>\r\n💡 [Audited activities](https://docs.microsoft.com/microsoft-365/compliance/search-the-audit-log-in-security-and-compliance?#audited-activities)<br>\r\n💡 [Use audit logs to track and monitor events in Microsoft 
Intune](https://docs.microsoft.com/mem/intune/fundamentals/monitor-audit-logs)<br>\r\n\r\n### Microsoft Portals\r\n🔀 [Microsoft Defender for Cloud: Regulatory Compliance](https://portal.azure.com/#blade/Microsoft_Azure_Security/SecurityMenuBlade/22)<br>\r\n🔀 [Microsoft Endpoint Manager Admin Center](https://endpoint.microsoft.com/#home)<br>\r\n🔀 [Microsoft 365 Compliance Manager](https://compliance.microsoft.com/homepage)<br>\r\n🔀 [Microsoft Entra ID](https://portal.azure.com/#blade/Microsoft_AAD_IAM/ActiveDirectoryMenuBlade/Overview)<br>\r\n🔀 [Azure Monitor](https://portal.azure.com/#blade/Microsoft_Azure_Monitoring/AzureMonitoringBrowseBlade/overview)<br>\r\n\r\n### NIST SP 800-53 Guidance\r\n[AU-12](https://csrc.nist.gov/Projects/risk-management/sp800-53-controls/release-search#/control?version=5.1&number=AU-12)<br>\r\n\r\n### Assessment\r\n"
},
"name": "text - 2"
},
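Review bot: The AU-12 heading is labelled "Audit Generation" but its link fragment is `#audit-record-retention`, so the title sends the reader to a different control's section of the policy sample. The rename keeps this as is. Point the fragment at the audit generation section so the heading and its target agree.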
@ -10651,7 +10651,7 @@
{
"type": 1,
"content": {
"json": "# [Security Impact Analysis (CM-4)](https://docs.microsoft.com/azure/governance/policy/samples/nist-sp-800-53-r4#security-impact-analysis)\r\n\r\nAnalyze changes to the system to determine potential security and privacy impacts prior to change implementation.\r\n\r\n### Recommended Logs\r\n🔷 [SecurityRecommendation](https://docs.microsoft.com/azure/azure-monitor/reference/tables/securityrecommendation) ✳️ [Microsoft Defender for Cloud](https://azure.microsoft.com/services/security-center/)<br> \r\n\r\n### Implementation\r\n💡 [Review your security recommendations](https://docs.microsoft.com/azure/defender-for-cloud/review-security-recommendations)<br>\r\n💡 [Microsoft Sentinel: Training Lab Solution](https://techcommunity.microsoft.com/t5/microsoft-sentinel-blog/learning-with-the-microsoft-sentinel-training-lab/ba-p/2953403)<br>\r\n💡 [The simulated enterprise base configuration](https://docs.microsoft.com/microsoft-365/enterprise/simulated-ent-base-configuration-microsoft-365-enterprise)<br>\r\n💡 [Azure DevTest Labs](https://azure.microsoft.com/services/devtest-lab/)<br>\r\n💡 [Microsoft 365 for enterprise Test Lab Guides](https://docs.microsoft.com/microsoft-365/enterprise/m365-enterprise-test-lab-guides)<br>\r\n💡 [What is Conditional Access report-only mode?](https://docs.microsoft.com/azure/active-directory/conditional-access/concept-conditional-access-report-only)<br>\r\n\r\n### Microsoft Portals\r\n🔀 [Microsoft Defender for Cloud: Recommendations](https://portal.azure.com/#blade/Microsoft_Azure_Security/SecurityMenuBlade/5)<br>\r\n🔀 [Azure AD: Conditional Access](https://portal.azure.com/#blade/Microsoft_AAD_IAM/ConditionalAccessBlade/Policies)<br>\r\n🔀 [Microsoft Endpoint Manager Admin Center](https://endpoint.microsoft.com/#home)<br>\r\n\r\n### NIST SP 800-53 Guidance\r\n[CM-4](https://csrc.nist.gov/Projects/risk-management/sp800-53-controls/release-search#/control?version=5.1&number=CM-4)<br>\r\n\r\n### Assessment\r\n"
"json": "# [Security Impact Analysis (CM-4)](https://docs.microsoft.com/azure/governance/policy/samples/nist-sp-800-53-r4#security-impact-analysis)\r\n\r\nAnalyze changes to the system to determine potential security and privacy impacts prior to change implementation.\r\n\r\n### Recommended Logs\r\n🔷 [SecurityRecommendation](https://docs.microsoft.com/azure/azure-monitor/reference/tables/securityrecommendation) ✳️ [Microsoft Defender for Cloud](https://azure.microsoft.com/services/security-center/)<br> \r\n\r\n### Implementation\r\n💡 [Review your security recommendations](https://docs.microsoft.com/azure/defender-for-cloud/review-security-recommendations)<br>\r\n💡 [Microsoft Sentinel: Training Lab Solution](https://techcommunity.microsoft.com/t5/microsoft-sentinel-blog/learning-with-the-microsoft-sentinel-training-lab/ba-p/2953403)<br>\r\n💡 [The simulated enterprise base configuration](https://docs.microsoft.com/microsoft-365/enterprise/simulated-ent-base-configuration-microsoft-365-enterprise)<br>\r\n💡 [Azure DevTest Labs](https://azure.microsoft.com/services/devtest-lab/)<br>\r\n💡 [Microsoft 365 for enterprise Test Lab Guides](https://docs.microsoft.com/microsoft-365/enterprise/m365-enterprise-test-lab-guides)<br>\r\n💡 [What is Conditional Access report-only mode?](https://docs.microsoft.com/azure/active-directory/conditional-access/concept-conditional-access-report-only)<br>\r\n\r\n### Microsoft Portals\r\n🔀 [Microsoft Defender for Cloud: Recommendations](https://portal.azure.com/#blade/Microsoft_Azure_Security/SecurityMenuBlade/5)<br>\r\n🔀 [Microsoft Entra ID: Conditional Access](https://portal.azure.com/#blade/Microsoft_AAD_IAM/ConditionalAccessBlade/Policies)<br>\r\n🔀 [Microsoft Endpoint Manager Admin Center](https://endpoint.microsoft.com/#home)<br>\r\n\r\n### NIST SP 800-53 Guidance\r\n[CM-4](https://csrc.nist.gov/Projects/risk-management/sp800-53-controls/release-search#/control?version=5.1&number=CM-4)<br>\r\n\r\n### Assessment\r\n"
},
"name": "text - 2"
},
@ -10846,7 +10846,7 @@
{
"type": 1,
"content": {
"json": "# [Access Restrictions for Change (CM-5)](https://docs.microsoft.com/azure/governance/policy/samples/nist-sp-800-53-r4#access-restrictions-for-change)\r\n\r\nDefine, document, approve, and enforce physical and logical access restrictions associated with changes to the system.\r\n\r\n### Recommended Logs\r\n🔷 [AuditLogs](https://docs.microsoft.com/azure/azure-monitor/reference/tables/auditlogs?WT.mc_id=Portal-fx) ✳️ [Azure Active Directory](https://azure.microsoft.com/services/active-directory/)<br> \r\n\r\n### Implementation\r\n💡 [What is Azure role-based access control (Azure RBAC)?](https://docs.microsoft.com/azure/role-based-access-control/overview)<br>\r\n💡 [What is Azure AD Privileged Identity Management?](https://docs.microsoft.com/azure/active-directory/privileged-identity-management/pim-configure)<br>\r\n💡 [Enable and request just-in-time access for Azure Managed Applications](https://docs.microsoft.com/azure/azure-resource-manager/managed-applications/request-just-in-time-access)<br>\r\n💡 [Office 365 Security & Compliance: Enable Auditing for Admins](https://docs.microsoft.com/microsoft-365/compliance/turn-audit-log-search-on-or-off)<br>\r\n💡 [Audited Activities](https://docs.microsoft.com/microsoft-365/compliance/search-the-audit-log-in-security-and-compliance)<br>\r\n💡 [Use audit logs to track and monitor events in Microsoft Intune](https://docs.microsoft.com/mem/intune/fundamentals/monitor-audit-logs)<br>\r\n\r\n### Microsoft Portals\r\n🔀 [Azure Active Directory](https://portal.azure.com/#blade/Microsoft_AAD_IAM/ActiveDirectoryMenuBlade/Overview) <br>\r\n🔀 [Azure AD: Privileged Identity Management](https://portal.azure.com/#blade/Microsoft_Azure_PIMCommon/CommonMenuBlade/quickStart) <br>\r\n🔀 [Microsoft 365 Compliance: Audit](https://compliance.microsoft.com/auditlogsearch?viewid=Test%20Tab) <br>\r\n🔀 [Microsoft Endpoint Manager Admin Center](https://endpoint.microsoft.com/) <br>\r\n\r\n### NIST SP 800-53 
Guidance\r\n[CM-5](https://csrc.nist.gov/Projects/risk-management/sp800-53-controls/release-search#/control?version=5.1&number=CM-5)<br>\r\n\r\n### Assessment\r\n"
"json": "# [Access Restrictions for Change (CM-5)](https://docs.microsoft.com/azure/governance/policy/samples/nist-sp-800-53-r4#access-restrictions-for-change)\r\n\r\nDefine, document, approve, and enforce physical and logical access restrictions associated with changes to the system.\r\n\r\n### Recommended Logs\r\n🔷 [AuditLogs](https://docs.microsoft.com/azure/azure-monitor/reference/tables/auditlogs?WT.mc_id=Portal-fx) ✳️ [Microsoft Entra ID](https://azure.microsoft.com/services/active-directory/)<br> \r\n\r\n### Implementation\r\n💡 [What is Azure role-based access control (Azure RBAC)?](https://docs.microsoft.com/azure/role-based-access-control/overview)<br>\r\n💡 [What is Microsoft Entra ID Privileged Identity Management?](https://docs.microsoft.com/azure/active-directory/privileged-identity-management/pim-configure)<br>\r\n💡 [Enable and request just-in-time access for Azure Managed Applications](https://docs.microsoft.com/azure/azure-resource-manager/managed-applications/request-just-in-time-access)<br>\r\n💡 [Office 365 Security & Compliance: Enable Auditing for Admins](https://docs.microsoft.com/microsoft-365/compliance/turn-audit-log-search-on-or-off)<br>\r\n💡 [Audited Activities](https://docs.microsoft.com/microsoft-365/compliance/search-the-audit-log-in-security-and-compliance)<br>\r\n💡 [Use audit logs to track and monitor events in Microsoft Intune](https://docs.microsoft.com/mem/intune/fundamentals/monitor-audit-logs)<br>\r\n\r\n### Microsoft Portals\r\n🔀 [Microsoft Entra ID](https://portal.azure.com/#blade/Microsoft_AAD_IAM/ActiveDirectoryMenuBlade/Overview) <br>\r\n🔀 [Microsoft Entra ID: Privileged Identity Management](https://portal.azure.com/#blade/Microsoft_Azure_PIMCommon/CommonMenuBlade/quickStart) <br>\r\n🔀 [Microsoft 365 Compliance: Audit](https://compliance.microsoft.com/auditlogsearch?viewid=Test%20Tab) <br>\r\n🔀 [Microsoft Endpoint Manager Admin Center](https://endpoint.microsoft.com/) <br>\r\n\r\n### NIST SP 800-53 
Guidance\r\n[CM-5](https://csrc.nist.gov/Projects/risk-management/sp800-53-controls/release-search#/control?version=5.1&number=CM-5)<br>\r\n\r\n### Assessment\r\n"
},
"name": "text - 2"
},
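Review bot: In the Recommended Logs entry of the CM-5 panel, the label becomes "Microsoft Entra ID" while its target stays `https://azure.microsoft.com/services/active-directory/`. Please confirm that URL still lands on the product page the new label names, or update the href in the same change so the label and destination agree. The same applies to the Implementation link now titled "What is Microsoft Entra ID Privileged Identity Management?", whose path is still `/azure/active-directory/privileged-identity-management/pim-configure`.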
@ -11292,7 +11292,7 @@
{
"type": 1,
"content": {
"json": "# [Least Functionality (CM-7)](https://docs.microsoft.com/azure/governance/policy/samples/nist-sp-800-53-r4#least-functionality)\r\n\r\n\ta.Configure the system to provide only [Assignment: organization-defined mission essential capabilities]; and\r\n\tb.Prohibit or restrict the use of the following functions, ports, protocols, software, and/or services: [Assignment: organization-defined prohibited or restricted functions, system ports, protocols, software, and/or services].\r\n\r\n### Recommended Logs\r\n🔷 [SecurityRegulatoryCompliance](https://docs.microsoft.com/azure/azure-monitor/reference/tables/securityregulatorycompliance) ✳️ [Microsoft Defender for Cloud](https://azure.microsoft.com/services/security-center/)<br> \r\n\r\n### Implementation\r\n💡 [Remote access to on-premises applications through Azure AD Application Proxy](https://docs.microsoft.com/azure/active-directory/app-proxy/application-proxy)<br>\r\n💡 [Conditional Access: Grant](https://docs.microsoft.com/azure/active-directory/conditional-access/concept-conditional-access-grant)<br>\r\n💡 [Configure device restriction settings in Microsoft Intune](https://docs.microsoft.com/mem/intune/configuration/device-restrictions-configure#create-the-profile)<br>\r\n💡 [Use Windows 10 templates to configure group policy settings in Microsoft Intune](https://docs.microsoft.com/mem/intune/configuration/administrative-templates-windows)<br>\r\n💡 [Analyze your on-premises group policy objects (GPO) using Group Policy analytics in Microsoft Endpoint Manager](https://docs.microsoft.com/mem/intune/configuration/group-policy-analytics)<br>\r\n💡 [What are managed identities for Azure resources?](https://docs.microsoft.com/azure/active-directory/managed-identities-azure-resources/overview)<br>\r\n💡 [Manage user-assigned managed identities](https://docs.microsoft.com/azure/active-directory/managed-identities-azure-resources/how-manage-user-assigned-managed-identities?pivots=identity-mi-methods-azp)<br>\r\n\r\n### 
Microsoft Portals\r\n🔀 [Microsoft Defender for Cloud: Regulatory Compliance](https://portal.azure.com/#blade/Microsoft_Azure_Security/SecurityMenuBlade/22)<br>\r\n🔀 [Microsoft Endpoint Manager Admin Center](https://endpoint.microsoft.com/#home)<br>\r\n🔀 [Azure AD: Conditional Access](https://portal.azure.com/#blade/Microsoft_AAD_IAM/ConditionalAccessBlade/Policies)<br>\r\n🔀 [Managed Identities](https://portal.azure.com/#blade/HubsExtension/BrowseResource/resourceType/Microsoft.ManagedIdentity%2FuserAssignedIdentities)<br>\r\n\r\n### NIST SP 800-53 Guidance\r\n[CM-7](https://csrc.nist.gov/Projects/risk-management/sp800-53-controls/release-search#/control?version=5.1&number=CM-7)<br>\r\n\r\n### Assessment\r\n"
"json": "# [Least Functionality (CM-7)](https://docs.microsoft.com/azure/governance/policy/samples/nist-sp-800-53-r4#least-functionality)\r\n\r\n\ta.Configure the system to provide only [Assignment: organization-defined mission essential capabilities]; and\r\n\tb.Prohibit or restrict the use of the following functions, ports, protocols, software, and/or services: [Assignment: organization-defined prohibited or restricted functions, system ports, protocols, software, and/or services].\r\n\r\n### Recommended Logs\r\n🔷 [SecurityRegulatoryCompliance](https://docs.microsoft.com/azure/azure-monitor/reference/tables/securityregulatorycompliance) ✳️ [Microsoft Defender for Cloud](https://azure.microsoft.com/services/security-center/)<br> \r\n\r\n### Implementation\r\n💡 [Remote access to on-premises applications through Microsoft Entra ID Application Proxy](https://docs.microsoft.com/azure/active-directory/app-proxy/application-proxy)<br>\r\n💡 [Conditional Access: Grant](https://docs.microsoft.com/azure/active-directory/conditional-access/concept-conditional-access-grant)<br>\r\n💡 [Configure device restriction settings in Microsoft Intune](https://docs.microsoft.com/mem/intune/configuration/device-restrictions-configure#create-the-profile)<br>\r\n💡 [Use Windows 10 templates to configure group policy settings in Microsoft Intune](https://docs.microsoft.com/mem/intune/configuration/administrative-templates-windows)<br>\r\n💡 [Analyze your on-premises group policy objects (GPO) using Group Policy analytics in Microsoft Endpoint Manager](https://docs.microsoft.com/mem/intune/configuration/group-policy-analytics)<br>\r\n💡 [What are managed identities for Azure resources?](https://docs.microsoft.com/azure/active-directory/managed-identities-azure-resources/overview)<br>\r\n💡 [Manage user-assigned managed 
identities](https://docs.microsoft.com/azure/active-directory/managed-identities-azure-resources/how-manage-user-assigned-managed-identities?pivots=identity-mi-methods-azp)<br>\r\n\r\n### Microsoft Portals\r\n🔀 [Microsoft Defender for Cloud: Regulatory Compliance](https://portal.azure.com/#blade/Microsoft_Azure_Security/SecurityMenuBlade/22)<br>\r\n🔀 [Microsoft Endpoint Manager Admin Center](https://endpoint.microsoft.com/#home)<br>\r\n🔀 [Microsoft Entra ID: Conditional Access](https://portal.azure.com/#blade/Microsoft_AAD_IAM/ConditionalAccessBlade/Policies)<br>\r\n🔀 [Managed Identities](https://portal.azure.com/#blade/HubsExtension/BrowseResource/resourceType/Microsoft.ManagedIdentity%2FuserAssignedIdentities)<br>\r\n\r\n### NIST SP 800-53 Guidance\r\n[CM-7](https://csrc.nist.gov/Projects/risk-management/sp800-53-controls/release-search#/control?version=5.1&number=CM-7)<br>\r\n\r\n### Assessment\r\n"
},
"name": "text - 2"
},
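Review bot: The first Implementation entry in the CM-7 panel is a quoted article title, and replacing "Azure AD" inside it gives "Remote access to on-premises applications through Microsoft Entra ID Application Proxy". Check that wording against the current title of the linked page (`/azure/active-directory/app-proxy/application-proxy`) rather than relying on a string substitution, so that a user who searches for the title shown in the workbook finds the same article.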
@ -11924,7 +11924,7 @@
{
"type": 1,
"content": {
"json": "# [Software Usage Restrictions (CM-10)](https://docs.microsoft.com/azure/governance/policy/samples/nist-sp-800-53-r4#software-usage-restrictions)\r\n\r\n\ta.Use software and associated documentation in accordance with contract agreements and copyright laws;\r\n\tb.Track the use of software and associated documentation protected by quantity licenses to control copying and distribution; and\r\n\tc.Control and document the use of peer-to-peer file sharing technology to ensure that this capability is not used for the unauthorized distribution, display, performance, or reproduction of copyrighted work.\r\n\r\n### Recommended Logs\r\n🔷 [SecurityRegulatoryCompliance](https://docs.microsoft.com/azure/azure-monitor/reference/tables/securityregulatorycompliance) ✳️ [Microsoft Defender for Cloud](https://azure.microsoft.com/services/security-center/)<br> \r\n\r\n### Implementation\r\n💡 [Introduction to Microsoft Defender for servers](https://docs.microsoft.com/azure/defender-for-cloud/defender-for-servers-introduction)<br>\r\n💡 [Use adaptive application controls to reduce your machines' attack surfaces](https://docs.microsoft.com/azure/defender-for-cloud/adaptive-application-controls)<br>\r\n💡 [Change Tracking and Inventory overview](https://docs.microsoft.com/azure/automation/change-tracking/overview)<br>\r\n💡 [Quickstart: Enable enhanced security features](https://docs.microsoft.com/azure/defender-for-cloud/enable-enhanced-security)<br>\r\n💡 [Log Analytics agent overview](https://docs.microsoft.com/azure/azure-monitor/agents/log-analytics-agent)<br>\r\n💡 [Conditional Access: Grant](https://docs.microsoft.com/azure/active-directory/conditional-access/concept-conditional-access-grant)<br>\r\n\r\n### Microsoft Portals\r\n🔀 [Microsoft Defender for Cloud: Regulatory Compliance](https://portal.azure.com/#blade/Microsoft_Azure_Security/SecurityMenuBlade/22)<br>\r\n🔀 [Microsoft Endpoint Manager Admin Center](https://endpoint.microsoft.com/#home)<br>\r\n🔀 [Azure AD: 
Conditional Access](https://portal.azure.com/#blade/Microsoft_AAD_IAM/ConditionalAccessBlade/Policies)<br>\r\n🔀 [Automation Accounts](https://portal.azure.com/#blade/HubsExtension/BrowseResource/resourceType/Microsoft.Automation%2FAutomationAccounts)<br>\r\n\r\n### NIST SP 800-53 Guidance\r\n[CM-10](https://csrc.nist.gov/Projects/risk-management/sp800-53-controls/release-search#/control?version=5.1&number=CM-10)<br>\r\n\r\n### Assessment\r\n"
"json": "# [Software Usage Restrictions (CM-10)](https://docs.microsoft.com/azure/governance/policy/samples/nist-sp-800-53-r4#software-usage-restrictions)\r\n\r\n\ta.Use software and associated documentation in accordance with contract agreements and copyright laws;\r\n\tb.Track the use of software and associated documentation protected by quantity licenses to control copying and distribution; and\r\n\tc.Control and document the use of peer-to-peer file sharing technology to ensure that this capability is not used for the unauthorized distribution, display, performance, or reproduction of copyrighted work.\r\n\r\n### Recommended Logs\r\n🔷 [SecurityRegulatoryCompliance](https://docs.microsoft.com/azure/azure-monitor/reference/tables/securityregulatorycompliance) ✳️ [Microsoft Defender for Cloud](https://azure.microsoft.com/services/security-center/)<br> \r\n\r\n### Implementation\r\n💡 [Introduction to Microsoft Defender for servers](https://docs.microsoft.com/azure/defender-for-cloud/defender-for-servers-introduction)<br>\r\n💡 [Use adaptive application controls to reduce your machines' attack surfaces](https://docs.microsoft.com/azure/defender-for-cloud/adaptive-application-controls)<br>\r\n💡 [Change Tracking and Inventory overview](https://docs.microsoft.com/azure/automation/change-tracking/overview)<br>\r\n💡 [Quickstart: Enable enhanced security features](https://docs.microsoft.com/azure/defender-for-cloud/enable-enhanced-security)<br>\r\n💡 [Log Analytics agent overview](https://docs.microsoft.com/azure/azure-monitor/agents/log-analytics-agent)<br>\r\n💡 [Conditional Access: Grant](https://docs.microsoft.com/azure/active-directory/conditional-access/concept-conditional-access-grant)<br>\r\n\r\n### Microsoft Portals\r\n🔀 [Microsoft Defender for Cloud: Regulatory Compliance](https://portal.azure.com/#blade/Microsoft_Azure_Security/SecurityMenuBlade/22)<br>\r\n🔀 [Microsoft Endpoint Manager Admin Center](https://endpoint.microsoft.com/#home)<br>\r\n🔀 [Microsoft Entra 
ID: Conditional Access](https://portal.azure.com/#blade/Microsoft_AAD_IAM/ConditionalAccessBlade/Policies)<br>\r\n🔀 [Automation Accounts](https://portal.azure.com/#blade/HubsExtension/BrowseResource/resourceType/Microsoft.Automation%2FAutomationAccounts)<br>\r\n\r\n### NIST SP 800-53 Guidance\r\n[CM-10](https://csrc.nist.gov/Projects/risk-management/sp800-53-controls/release-search#/control?version=5.1&number=CM-10)<br>\r\n\r\n### Assessment\r\n"
},
"name": "text - 2"
},
@ -12150,7 +12150,7 @@
{
"type": 1,
"content": {
"json": "# [User-Installed Software (CM-11)](https://docs.microsoft.com/azure/governance/policy/samples/nist-sp-800-53-r4#user-installed-software)\r\n\r\n\ta.Establish [Assignment: organization-defined policies] governing the installation of software by users;\r\n\tb.Enforce software installation policies through the following methods: [Assignment: organization-defined methods]; and\r\n\tc.Monitor policy compliance [Assignment: organization-defined frequency].\r\n\r\n### Recommended Logs\r\n🔷 [SecurityRegulatoryCompliance](https://docs.microsoft.com/azure/azure-monitor/reference/tables/securityregulatorycompliance) ✳️ [Microsoft Defender for Cloud](https://azure.microsoft.com/services/security-center/)<br> \r\n\r\n### Implementation\r\n💡 [Introduction to Microsoft Defender for servers](https://docs.microsoft.com/azure/defender-for-cloud/defender-for-servers-introduction)<br>\r\n💡 [Use adaptive application controls to reduce your machines' attack surfaces](https://docs.microsoft.com/azure/defender-for-cloud/adaptive-application-controls)<br>\r\n💡 [Change Tracking and Inventory overview](https://docs.microsoft.com/azure/automation/change-tracking/overview)<br>\r\n💡 [Quickstart: Enable enhanced security features](https://docs.microsoft.com/azure/defender-for-cloud/enable-enhanced-security)<br>\r\n💡 [Log Analytics agent overview](https://docs.microsoft.com/azure/azure-monitor/agents/log-analytics-agent)<br>\r\n💡 [Conditional Access: Grant](https://docs.microsoft.com/azure/active-directory/conditional-access/concept-conditional-access-grant)<br>\r\n\r\n### Microsoft Portals\r\n🔀 [Microsoft Defender for Cloud: Regulatory Compliance](https://portal.azure.com/#blade/Microsoft_Azure_Security/SecurityMenuBlade/22)<br>\r\n🔀 [Microsoft Endpoint Manager Admin Center](https://endpoint.microsoft.com/#home)<br>\r\n🔀 [Azure AD: Conditional Access](https://portal.azure.com/#blade/Microsoft_AAD_IAM/ConditionalAccessBlade/Policies)<br>\r\n🔀 [Automation 
Accounts](https://portal.azure.com/#blade/HubsExtension/BrowseResource/resourceType/Microsoft.Automation%2FAutomationAccounts)<br>\r\n\r\n### NIST SP 800-53 Guidance\r\n[CM-11](https://csrc.nist.gov/Projects/risk-management/sp800-53-controls/release-search#/control?version=5.1&number=CM-11)<br>\r\n\r\n### Assessment\r\n"
"json": "# [User-Installed Software (CM-11)](https://docs.microsoft.com/azure/governance/policy/samples/nist-sp-800-53-r4#user-installed-software)\r\n\r\n\ta.Establish [Assignment: organization-defined policies] governing the installation of software by users;\r\n\tb.Enforce software installation policies through the following methods: [Assignment: organization-defined methods]; and\r\n\tc.Monitor policy compliance [Assignment: organization-defined frequency].\r\n\r\n### Recommended Logs\r\n🔷 [SecurityRegulatoryCompliance](https://docs.microsoft.com/azure/azure-monitor/reference/tables/securityregulatorycompliance) ✳️ [Microsoft Defender for Cloud](https://azure.microsoft.com/services/security-center/)<br> \r\n\r\n### Implementation\r\n💡 [Introduction to Microsoft Defender for servers](https://docs.microsoft.com/azure/defender-for-cloud/defender-for-servers-introduction)<br>\r\n💡 [Use adaptive application controls to reduce your machines' attack surfaces](https://docs.microsoft.com/azure/defender-for-cloud/adaptive-application-controls)<br>\r\n💡 [Change Tracking and Inventory overview](https://docs.microsoft.com/azure/automation/change-tracking/overview)<br>\r\n💡 [Quickstart: Enable enhanced security features](https://docs.microsoft.com/azure/defender-for-cloud/enable-enhanced-security)<br>\r\n💡 [Log Analytics agent overview](https://docs.microsoft.com/azure/azure-monitor/agents/log-analytics-agent)<br>\r\n💡 [Conditional Access: Grant](https://docs.microsoft.com/azure/active-directory/conditional-access/concept-conditional-access-grant)<br>\r\n\r\n### Microsoft Portals\r\n🔀 [Microsoft Defender for Cloud: Regulatory Compliance](https://portal.azure.com/#blade/Microsoft_Azure_Security/SecurityMenuBlade/22)<br>\r\n🔀 [Microsoft Endpoint Manager Admin Center](https://endpoint.microsoft.com/#home)<br>\r\n🔀 [Microsoft Entra ID: Conditional Access](https://portal.azure.com/#blade/Microsoft_AAD_IAM/ConditionalAccessBlade/Policies)<br>\r\n🔀 [Automation 
Accounts](https://portal.azure.com/#blade/HubsExtension/BrowseResource/resourceType/Microsoft.Automation%2FAutomationAccounts)<br>\r\n\r\n### NIST SP 800-53 Guidance\r\n[CM-11](https://csrc.nist.gov/Projects/risk-management/sp800-53-controls/release-search#/control?version=5.1&number=CM-11)<br>\r\n\r\n### Assessment\r\n"
},
"name": "text - 2"
},
@ -13820,7 +13820,7 @@
{
"type": 1,
"content": {
"json": "# [Organizational Users (IA-2)](https://docs.microsoft.com/azure/governance/policy/samples/nist-sp-800-53-r4#identification-and-authentication-organizational-users)\r\n\r\nUniquely identify and authenticate organizational users and associate that unique identification with processes acting on behalf of those users.\r\n\r\n### Recommended Logs\r\n🔷 [SigninLogs](https://docs.microsoft.com/azure/azure-monitor/reference/tables/signinlogs) ✳️ [Azure Active Directory](https://azure.microsoft.com/services/active-directory/)<br>\r\n🔷 [SecurityRegulatoryCompliance](https://docs.microsoft.com/azure/azure-monitor/reference/tables/securityregulatorycompliance) 🔷 [SecurityBaselines](https://docs.microsoft.com/azure/azure-monitor/reference/tables/securitybaseline) ✳️ [Microsoft Defender for Cloud](https://azure.microsoft.com/services/security-center/)<br> \r\n\r\n### Implementation\r\n💡 [What is Conditional Access?](https://docs.microsoft.com/azure/active-directory/conditional-access/overview)<br>\r\n💡 [Building a Conditional Access policy](https://docs.microsoft.com/azure/active-directory/conditional-access/concept-conditional-access-policies)<br>\r\n💡 [How it works: Azure AD Multi-Factor Authentication](https://docs.microsoft.com/azure/active-directory/authentication/concept-mfa-howitworks)<br>\r\n💡 [Plan an Azure Active Directory Multi-Factor Authentication deployment](https://docs.microsoft.com/azure/active-directory/authentication/howto-mfa-getstarted)<br>\r\n💡 [What is Azure role-based access control (Azure RBAC)?](https://docs.microsoft.com/azure/role-based-access-control/overview)<br>\r\n💡 [Apply Azure security baselines to machines](https://docs.microsoft.com/azure/defender-for-cloud/apply-security-baseline)<br>\r\n\r\n### Microsoft Portals\r\n🔀 [Microsoft Defender for Cloud: Regulatory Compliance](https://portal.azure.com/#blade/Microsoft_Azure_Security/SecurityMenuBlade/22)<br>\r\n🔀 [Azure Active Directory: 
Users](https://portal.azure.com/#blade/Microsoft_AAD_IAM/UsersManagementMenuBlade/MsGraphUsers)<br>\r\n🔀 [Azure AD: Conditional Access](https://portal.azure.com/#blade/Microsoft_AAD_IAM/ConditionalAccessBlade/Policies)<br>\r\n\r\n### NIST SP 800-53 Guidance\r\n[IA-2](https://csrc.nist.gov/Projects/risk-management/sp800-53-controls/release-search#/control?version=5.1&number=IA-2)<br>\r\n\r\n### Assessment\r\n"
"json": "# [Organizational Users (IA-2)](https://docs.microsoft.com/azure/governance/policy/samples/nist-sp-800-53-r4#identification-and-authentication-organizational-users)\r\n\r\nUniquely identify and authenticate organizational users and associate that unique identification with processes acting on behalf of those users.\r\n\r\n### Recommended Logs\r\n🔷 [SigninLogs](https://docs.microsoft.com/azure/azure-monitor/reference/tables/signinlogs) ✳️ [Microsoft Entra ID](https://azure.microsoft.com/services/active-directory/)<br>\r\n🔷 [SecurityRegulatoryCompliance](https://docs.microsoft.com/azure/azure-monitor/reference/tables/securityregulatorycompliance) 🔷 [SecurityBaselines](https://docs.microsoft.com/azure/azure-monitor/reference/tables/securitybaseline) ✳️ [Microsoft Defender for Cloud](https://azure.microsoft.com/services/security-center/)<br> \r\n\r\n### Implementation\r\n💡 [What is Conditional Access?](https://docs.microsoft.com/azure/active-directory/conditional-access/overview)<br>\r\n💡 [Building a Conditional Access policy](https://docs.microsoft.com/azure/active-directory/conditional-access/concept-conditional-access-policies)<br>\r\n💡 [How it works: Microsoft Entra ID Multi-Factor Authentication](https://docs.microsoft.com/azure/active-directory/authentication/concept-mfa-howitworks)<br>\r\n💡 [Plan an Microsoft Entra ID Multi-Factor Authentication deployment](https://docs.microsoft.com/azure/active-directory/authentication/howto-mfa-getstarted)<br>\r\n💡 [What is Azure role-based access control (Azure RBAC)?](https://docs.microsoft.com/azure/role-based-access-control/overview)<br>\r\n💡 [Apply Azure security baselines to machines](https://docs.microsoft.com/azure/defender-for-cloud/apply-security-baseline)<br>\r\n\r\n### Microsoft Portals\r\n🔀 [Microsoft Defender for Cloud: Regulatory Compliance](https://portal.azure.com/#blade/Microsoft_Azure_Security/SecurityMenuBlade/22)<br>\r\n🔀 [Microsoft Entra ID: 
Users](https://portal.azure.com/#blade/Microsoft_AAD_IAM/UsersManagementMenuBlade/MsGraphUsers)<br>\r\n🔀 [Microsoft Entra ID: Conditional Access](https://portal.azure.com/#blade/Microsoft_AAD_IAM/ConditionalAccessBlade/Policies)<br>\r\n\r\n### NIST SP 800-53 Guidance\r\n[IA-2](https://csrc.nist.gov/Projects/risk-management/sp800-53-controls/release-search#/control?version=5.1&number=IA-2)<br>\r\n\r\n### Assessment\r\n"
},
"name": "text - 2"
},
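Review bot: Grammar slip in the IA-2 Implementation list: the substitution turns "Plan an Azure Active Directory Multi-Factor Authentication deployment" into "Plan an Microsoft Entra ID Multi-Factor Authentication deployment". The article should change with the noun: "Plan a Microsoft Entra ID Multi-Factor Authentication deployment". It is worth searching the rest of the workbook JSON for "an Microsoft" in case the same replacement produced it elsewhere.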
@ -14212,7 +14212,7 @@
{
"type": 1,
"content": {
"json": "# [Identifier Management (IA-4)](https://docs.microsoft.com/azure/governance/policy/samples/nist-sp-800-53-r4#identifier-management)\r\n\r\n\tManage system identifiers by:\r\n\ta.Receiving authorization from [Assignment: organization-defined personnel or roles] to assign an individual, group, role, service, or device identifier;\r\n\tb.Selecting an identifier that identifies an individual, group, role, service, or device;\r\n\tc.Assigning the identifier to the intended individual, group, role, service, or device; and\r\n\td.Preventing reuse of identifiers for [Assignment: organization-defined time period].\r\n\r\n### Recommended Logs\r\n🔷 [SecurityRegulatoryCompliance](https://docs.microsoft.com/azure/azure-monitor/reference/tables/securityregulatorycompliance) 🔷 [SecurityBaselines](https://docs.microsoft.com/azure/azure-monitor/reference/tables/securitybaseline) ✳️ [Microsoft Defender for Cloud](https://azure.microsoft.com/services/security-center/)<br> \r\n\r\n### Implementation\r\n💡 [Azure Active Directory fundamentals documentation](https://docs.microsoft.com/azure/active-directory/fundamentals/)<br>\r\n💡 [Govern access for external users in Azure AD entitlement management](https://docs.microsoft.com/azure/active-directory/governance/entitlement-management-external-users)<br>\r\n💡 [Use activity filters and create action policies with Microsoft Defender for Identity in Microsoft Defender for Cloud Apps](https://docs.microsoft.com/defender-for-identity/activities-filtering-mcas)<br>\r\n💡 [Security assessment: Dormant entities in sensitive groups](https://docs.microsoft.com/defender-for-identity/cas-isp-dormant-entities#how-do-i-use-this-security-assessment)<br>\r\n💡 [Create an access review of groups and applications in Azure AD](https://docs.microsoft.com/azure/active-directory/governance/create-access-review)<br>\r\n💡 [How to detect inactive user 
accounts](https://docs.microsoft.com/azure/active-directory/reports-monitoring/howto-manage-inactive-user-accounts#how-to-detect-inactive-user-accounts)<br>\r\n💡 [How To: Manage inactive user accounts in Azure AD](https://docs.microsoft.com/azure/active-directory/reports-monitoring/howto-manage-inactive-user-accounts)<br>\r\n💡 [Apply Azure security baselines to machines](https://docs.microsoft.com/azure/defender-for-cloud/apply-security-baseline)<br>\r\n\r\n### Microsoft Portals\r\n🔀 [Microsoft Defender for Cloud: Regulatory Compliance](https://portal.azure.com/#blade/Microsoft_Azure_Security/SecurityMenuBlade/22)<br>\r\n🔀 [Azure Active Directory](https://portal.azure.com/#blade/Microsoft_AAD_IAM/ActiveDirectoryMenuBlade/Overview)<br>\r\n🔀 [Azure AD: Identity Governance - Access Reviews](https://portal.azure.com/#blade/Microsoft_AAD_ERM/DashboardBlade/Controls)<br>\r\n🔀 [Microsoft Defender for Cloud Apps](https://portal.cloudappsecurity.com/)<br>\r\n\r\n### NIST SP 800-53 Guidance\r\n[IA-4](https://csrc.nist.gov/Projects/risk-management/sp800-53-controls/release-search#/control?version=5.1&number=IA-4)<br>\r\n\r\n### Assessment\r\n"
"json": "# [Identifier Management (IA-4)](https://docs.microsoft.com/azure/governance/policy/samples/nist-sp-800-53-r4#identifier-management)\r\n\r\n\tManage system identifiers by:\r\n\ta.Receiving authorization from [Assignment: organization-defined personnel or roles] to assign an individual, group, role, service, or device identifier;\r\n\tb.Selecting an identifier that identifies an individual, group, role, service, or device;\r\n\tc.Assigning the identifier to the intended individual, group, role, service, or device; and\r\n\td.Preventing reuse of identifiers for [Assignment: organization-defined time period].\r\n\r\n### Recommended Logs\r\n🔷 [SecurityRegulatoryCompliance](https://docs.microsoft.com/azure/azure-monitor/reference/tables/securityregulatorycompliance) 🔷 [SecurityBaselines](https://docs.microsoft.com/azure/azure-monitor/reference/tables/securitybaseline) ✳️ [Microsoft Defender for Cloud](https://azure.microsoft.com/services/security-center/)<br> \r\n\r\n### Implementation\r\n💡 [Microsoft Entra ID fundamentals documentation](https://docs.microsoft.com/azure/active-directory/fundamentals/)<br>\r\n💡 [Govern access for external users in Microsoft Entra ID entitlement management](https://docs.microsoft.com/azure/active-directory/governance/entitlement-management-external-users)<br>\r\n💡 [Use activity filters and create action policies with Microsoft Defender for Identity in Microsoft Defender for Cloud Apps](https://docs.microsoft.com/defender-for-identity/activities-filtering-mcas)<br>\r\n💡 [Security assessment: Dormant entities in sensitive groups](https://docs.microsoft.com/defender-for-identity/cas-isp-dormant-entities#how-do-i-use-this-security-assessment)<br>\r\n💡 [Create an access review of groups and applications in Microsoft Entra ID](https://docs.microsoft.com/azure/active-directory/governance/create-access-review)<br>\r\n💡 [How to detect inactive user 
accounts](https://docs.microsoft.com/azure/active-directory/reports-monitoring/howto-manage-inactive-user-accounts#how-to-detect-inactive-user-accounts)<br>\r\n💡 [How To: Manage inactive user accounts in Microsoft Entra ID](https://docs.microsoft.com/azure/active-directory/reports-monitoring/howto-manage-inactive-user-accounts)<br>\r\n💡 [Apply Azure security baselines to machines](https://docs.microsoft.com/azure/defender-for-cloud/apply-security-baseline)<br>\r\n\r\n### Microsoft Portals\r\n🔀 [Microsoft Defender for Cloud: Regulatory Compliance](https://portal.azure.com/#blade/Microsoft_Azure_Security/SecurityMenuBlade/22)<br>\r\n🔀 [Microsoft Entra ID](https://portal.azure.com/#blade/Microsoft_AAD_IAM/ActiveDirectoryMenuBlade/Overview)<br>\r\n🔀 [Microsoft Entra ID: Identity Governance - Access Reviews](https://portal.azure.com/#blade/Microsoft_AAD_ERM/DashboardBlade/Controls)<br>\r\n🔀 [Microsoft Defender for Cloud Apps](https://portal.cloudappsecurity.com/)<br>\r\n\r\n### NIST SP 800-53 Guidance\r\n[IA-4](https://csrc.nist.gov/Projects/risk-management/sp800-53-controls/release-search#/control?version=5.1&number=IA-4)<br>\r\n\r\n### Assessment\r\n"
},
"name": "text - 2"
},
@ -14519,7 +14519,7 @@
{
"type": 1,
"content": {
"json": "# [Authenticator Management (IA-5)](https://docs.microsoft.com/azure/governance/policy/samples/nist-sp-800-53-r4#identifier-management)\r\n\r\n\tManage system authenticators by:\r\n\ta.Verifying, as part of the initial authenticator distribution, the identity of the individual, group, role, service, or device receiving the authenticator;\r\n\tb.Establishing initial authenticator content for any authenticators issued by the organization;\r\n\tc.Ensuring that authenticators have sufficient strength of mechanism for their intended use;\r\n\td.Establishing and implementing administrative procedures for initial authenticator distribution, for lost or compromised or damaged authenticators, and for revoking authenticators;\r\n\te.Changing default authenticators prior to first use;\r\n\tf.Changing or refreshing authenticators [Assignment: organization-defined time period by authenticator type] or when [Assignment: organization-defined events] occur;\r\n\tg.Protecting authenticator content from unauthorized disclosure and modification;\r\n\th.Requiring individuals to take, and having devices implement, specific controls to protect authenticators; and\r\n\ti.Changing authenticators for group or role accounts when membership to those accounts changes.\r\n\r\n### Recommended Logs\r\n🔷 [SecurityRegulatoryCompliance](https://docs.microsoft.com/azure/azure-monitor/reference/tables/securityregulatorycompliance) 🔷 [SecurityBaselines](https://docs.microsoft.com/azure/azure-monitor/reference/tables/securitybaseline) ✳️ [Microsoft Defender for Cloud](https://azure.microsoft.com/services/security-center/)<br> \r\n\r\n### Implementation\r\n💡 [Enforce on-premises Azure AD Password Protection for Active Directory Domain Services\r\n](https://docs.microsoft.com/azure/active-directory/authentication/concept-password-ban-bad-on-premises)<br>\r\n💡 [Create a custom password 
policy](https://docs.microsoft.com/azure/active-directory-domain-services/password-policy#create-a-custom-password-policy)<br>\r\n💡 [Password policies and account restrictions in Azure Active Directory](https://docs.microsoft.com/azure/active-directory/authentication/concept-sspr-policy)<br>\r\n💡 [Global banned password list](https://docs.microsoft.com/azure/active-directory/authentication/concept-password-ban-bad#global-banned-password-list)<br>\r\n💡 [Custom banned password list](https://docs.microsoft.com/azure/active-directory/authentication/concept-password-ban-bad#custom-banned-password-list)<br>\r\n💡 [Device password requirements](https://docs.microsoft.com/mem/intune/user-help/password-does-not-meet-it-administrator-requirements)<br>\r\n💡 [Compliance policy settings](https://docs.microsoft.com/mem/intune/protect/device-compliance-get-started#compliance-policy-settings)<br>\r\n💡 [Integrate with Conditional Access](https://docs.microsoft.com/mem/intune/protect/device-compliance-get-started#integrate-with-conditional-access)<br>\r\n💡 [Access model overview](https://docs.microsoft.com/azure/key-vault/general/security-features#access-model-overview)<br>\r\n💡 [Apply Azure security baselines to machines](https://docs.microsoft.com/azure/defender-for-cloud/apply-security-baseline)<br>\r\n\r\n### Microsoft Portals\r\n🔀 [Microsoft Defender for Cloud: Regulatory Compliance](https://portal.azure.com/#blade/Microsoft_Azure_Security/SecurityMenuBlade/22)<br>\r\n🔀 [Microsoft Endpoint Manager Admin Center](https://endpoint.microsoft.com/#home)<br>\r\n🔀 [Azure AD: Conditional Access](https://portal.azure.com/#blade/Microsoft_AAD_IAM/ConditionalAccessBlade/Policies)<br>\r\n🔀 [Azure AD: Password Protection](https://portal.azure.com/#blade/Microsoft_AAD_IAM/PasswordProtectionBlade)<br>\r\n🔀 [Azure AD: Authenticator Management](https://portal.azure.com/#blade/Microsoft_AAD_IAM/AuthenticationMethodsMenuBlade/AdminAuthMethods)<br>\r\n🔀 [Key 
Vault](https://portal.azure.com/#blade/HubsExtension/BrowseResource/resourceType/Microsoft.KeyVault%2Fvaults)<br>\r\n\r\n### NIST SP 800-53 Guidance\r\n[IA-5](https://csrc.nist.gov/Projects/risk-management/sp800-53-controls/release-search#/control?version=5.1&number=IA-5)<br>\r\n\r\n### Assessment\r\n"
"json": "# [Authenticator Management (IA-5)](https://docs.microsoft.com/azure/governance/policy/samples/nist-sp-800-53-r4#identifier-management)\r\n\r\n\tManage system authenticators by:\r\n\ta.Verifying, as part of the initial authenticator distribution, the identity of the individual, group, role, service, or device receiving the authenticator;\r\n\tb.Establishing initial authenticator content for any authenticators issued by the organization;\r\n\tc.Ensuring that authenticators have sufficient strength of mechanism for their intended use;\r\n\td.Establishing and implementing administrative procedures for initial authenticator distribution, for lost or compromised or damaged authenticators, and for revoking authenticators;\r\n\te.Changing default authenticators prior to first use;\r\n\tf.Changing or refreshing authenticators [Assignment: organization-defined time period by authenticator type] or when [Assignment: organization-defined events] occur;\r\n\tg.Protecting authenticator content from unauthorized disclosure and modification;\r\n\th.Requiring individuals to take, and having devices implement, specific controls to protect authenticators; and\r\n\ti.Changing authenticators for group or role accounts when membership to those accounts changes.\r\n\r\n### Recommended Logs\r\n🔷 [SecurityRegulatoryCompliance](https://docs.microsoft.com/azure/azure-monitor/reference/tables/securityregulatorycompliance) 🔷 [SecurityBaselines](https://docs.microsoft.com/azure/azure-monitor/reference/tables/securitybaseline) ✳️ [Microsoft Defender for Cloud](https://azure.microsoft.com/services/security-center/)<br> \r\n\r\n### Implementation\r\n💡 [Enforce on-premises Microsoft Entra ID Password Protection for Active Directory Domain Services\r\n](https://docs.microsoft.com/azure/active-directory/authentication/concept-password-ban-bad-on-premises)<br>\r\n💡 [Create a custom password 
policy](https://docs.microsoft.com/azure/active-directory-domain-services/password-policy#create-a-custom-password-policy)<br>\r\n💡 [Password policies and account restrictions in Microsoft Entra ID](https://docs.microsoft.com/azure/active-directory/authentication/concept-sspr-policy)<br>\r\n💡 [Global banned password list](https://docs.microsoft.com/azure/active-directory/authentication/concept-password-ban-bad#global-banned-password-list)<br>\r\n💡 [Custom banned password list](https://docs.microsoft.com/azure/active-directory/authentication/concept-password-ban-bad#custom-banned-password-list)<br>\r\n💡 [Device password requirements](https://docs.microsoft.com/mem/intune/user-help/password-does-not-meet-it-administrator-requirements)<br>\r\n💡 [Compliance policy settings](https://docs.microsoft.com/mem/intune/protect/device-compliance-get-started#compliance-policy-settings)<br>\r\n💡 [Integrate with Conditional Access](https://docs.microsoft.com/mem/intune/protect/device-compliance-get-started#integrate-with-conditional-access)<br>\r\n💡 [Access model overview](https://docs.microsoft.com/azure/key-vault/general/security-features#access-model-overview)<br>\r\n💡 [Apply Azure security baselines to machines](https://docs.microsoft.com/azure/defender-for-cloud/apply-security-baseline)<br>\r\n\r\n### Microsoft Portals\r\n🔀 [Microsoft Defender for Cloud: Regulatory Compliance](https://portal.azure.com/#blade/Microsoft_Azure_Security/SecurityMenuBlade/22)<br>\r\n🔀 [Microsoft Endpoint Manager Admin Center](https://endpoint.microsoft.com/#home)<br>\r\n🔀 [Microsoft Entra ID: Conditional Access](https://portal.azure.com/#blade/Microsoft_AAD_IAM/ConditionalAccessBlade/Policies)<br>\r\n🔀 [Microsoft Entra ID: Password Protection](https://portal.azure.com/#blade/Microsoft_AAD_IAM/PasswordProtectionBlade)<br>\r\n🔀 [Microsoft Entra: Authenticator Management](https://portal.azure.com/#blade/Microsoft_AAD_IAM/AuthenticationMethodsMenuBlade/AdminAuthMethods)<br>\r\n🔀 [Key 
Vault](https://portal.azure.com/#blade/HubsExtension/BrowseResource/resourceType/Microsoft.KeyVault%2Fvaults)<br>\r\n\r\n### NIST SP 800-53 Guidance\r\n[IA-5](https://csrc.nist.gov/Projects/risk-management/sp800-53-controls/release-search#/control?version=5.1&number=IA-5)<br>\r\n\r\n### Assessment\r\n"
},
"name": "text - 2"
},
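Review bot: The IA-5 heading link in this panel still targets the IA-4 anchor, `nist-sp-800-53-r4#identifier-management`, on both the old and the new line, so the "Authenticator Management (IA-5)" title opens the Identifier Management section. Since the string is being rewritten anyway, point it at the IA-5 section's own anchor. Separately, the new Microsoft Portals entry reads "Microsoft Entra: Authenticator Management", while its neighbours in the same string use "Microsoft Entra ID: Conditional Access" and "Microsoft Entra ID: Password Protection", and the matching `linkLabel` later in this diff is "Microsoft Entra ID: Authenticator Management". Use the "Microsoft Entra ID:" prefix here as well so the text panel and the link buttons agree.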
@ -14804,7 +14804,7 @@
{
"id": "a32b5156-4cec-481d-83b3-165ca9208301",
"linkTarget": "OpenBlade",
"linkLabel": "Azure Active Directory: Password Protection (Banned Passwords)",
"linkLabel": "Microsoft Entra ID: Password Protection (Banned Passwords)",
"style": "secondary",
"bladeOpenContext": {
"bladeName": "PasswordProtectionBlade",
@ -14815,7 +14815,7 @@
{
"id": "27d9b4d1-fc6b-4813-b851-f8bd130d0be5",
"linkTarget": "OpenBlade",
"linkLabel": "Azure Active Directory: Authenticator Management",
"linkLabel": "Microsoft Entra ID: Authenticator Management",
"style": "secondary",
"bladeOpenContext": {
"bladeName": "AuthenticationMethodsMenuBlade",
@ -14826,7 +14826,7 @@
{
"id": "d1f6bb1b-7fa4-49cf-91cd-2f67465563aa",
"linkTarget": "OpenBlade",
"linkLabel": "Azure Active Directory: Conditional Access",
"linkLabel": "Microsoft Entra ID: Conditional Access",
"style": "secondary",
"bladeOpenContext": {
"bladeName": "ConditionalAccessBlade",
@ -15061,7 +15061,7 @@
{
"type": 1,
"content": {
"json": "# [Cryptographic Module Authentication (IA-7)](https://docs.microsoft.com/azure/governance/policy/samples/nist-sp-800-53-r4#cryptographic-module-authentication)\r\n\r\nImplement mechanisms for authentication to a cryptographic module that meet the requirements of applicable laws, executive orders, directives, policies, regulations, standards, and guidelines for such authentication.\r\n\r\n### Recommended Logs\r\n🔷 [SecurityRecommendation](https://docs.microsoft.com/azure/azure-monitor/reference/tables/securityrecommendation) ✳️ [Microsoft Defender for Cloud](https://azure.microsoft.com/services/security-center/)<br> \r\n\r\n### Implementation\r\n💡 [Configure identification and authentication controls to meet FedRAMP High Impact level](https://docs.microsoft.com/azure/active-directory/standards/fedramp-identification-and-authentication-controls)<br>\r\n💡 [Configure Azure Active Directory to meet NIST authenticator assurance levels](https://docs.microsoft.com/azure/active-directory/standards/nist-overview)<br>\r\n💡 [Achieve NIST authenticator assurance level 2 with Azure Active Directory](https://docs.microsoft.com/azure/active-directory/standards/nist-authenticator-assurance-level-2)<br>\r\n💡 [TPM Group Policy settings](https://docs.microsoft.com/windows/security/information-protection/tpm/trusted-platform-module-services-group-policy-settings)<br>\r\n\r\n### Microsoft Portals\r\n🔀 [Microsoft Defender for Cloud: Recommendations](https://portal.azure.com/#blade/Microsoft_Azure_Security/SecurityMenuBlade/5)<br>\r\n🔀 [Azure Active Directory](https://portal.azure.com/#blade/Microsoft_AAD_IAM/ActiveDirectoryMenuBlade/Overview)<br>\r\n\r\n### NIST SP 800-53 Guidance\r\n[IA-7](https://csrc.nist.gov/Projects/risk-management/sp800-53-controls/release-search#/control?version=5.1&number=IA-7)<br>\r\n\r\n### Assessment\r\n"
"json": "# [Cryptographic Module Authentication (IA-7)](https://docs.microsoft.com/azure/governance/policy/samples/nist-sp-800-53-r4#cryptographic-module-authentication)\r\n\r\nImplement mechanisms for authentication to a cryptographic module that meet the requirements of applicable laws, executive orders, directives, policies, regulations, standards, and guidelines for such authentication.\r\n\r\n### Recommended Logs\r\n🔷 [SecurityRecommendation](https://docs.microsoft.com/azure/azure-monitor/reference/tables/securityrecommendation) ✳️ [Microsoft Defender for Cloud](https://azure.microsoft.com/services/security-center/)<br> \r\n\r\n### Implementation\r\n💡 [Configure identification and authentication controls to meet FedRAMP High Impact level](https://docs.microsoft.com/azure/active-directory/standards/fedramp-identification-and-authentication-controls)<br>\r\n💡 [Configure Microsoft Entra ID to meet NIST authenticator assurance levels](https://docs.microsoft.com/azure/active-directory/standards/nist-overview)<br>\r\n💡 [Achieve NIST authenticator assurance level 2 with Microsoft Entra ID](https://docs.microsoft.com/azure/active-directory/standards/nist-authenticator-assurance-level-2)<br>\r\n💡 [TPM Group Policy settings](https://docs.microsoft.com/windows/security/information-protection/tpm/trusted-platform-module-services-group-policy-settings)<br>\r\n\r\n### Microsoft Portals\r\n🔀 [Microsoft Defender for Cloud: Recommendations](https://portal.azure.com/#blade/Microsoft_Azure_Security/SecurityMenuBlade/5)<br>\r\n🔀 [Microsoft Entra ID](https://portal.azure.com/#blade/Microsoft_AAD_IAM/ActiveDirectoryMenuBlade/Overview)<br>\r\n\r\n### NIST SP 800-53 Guidance\r\n[IA-7](https://csrc.nist.gov/Projects/risk-management/sp800-53-controls/release-search#/control?version=5.1&number=IA-7)<br>\r\n\r\n### Assessment\r\n"
},
"name": "text - 2"
},
@ -15233,7 +15233,7 @@
{
"type": 1,
"content": {
"json": "# [Non-Organizational Users (IA-8)](https://docs.microsoft.com/azure/governance/policy/samples/nist-sp-800-53-r4#identification-and-authentication-non-organizational-users)\r\n\r\nUniquely identify and authenticate non-organizational users or processes acting on behalf of non-organizational users.\r\n\r\n### Recommended Logs\r\n🔷 [SigninLogs](https://docs.microsoft.com/azure/azure-monitor/reference/tables/signinlogs) ✳️ [Azure Active Directory](https://azure.microsoft.com/services/active-directory/)<br>\r\n🔷 [SecurityBaselines](https://docs.microsoft.com/azure/azure-monitor/reference/tables/securitybaseline) ✳️ [Microsoft Defender for Cloud](https://azure.microsoft.com/services/security-center/)<br> \r\n\r\n### Implementation\r\n💡 [Quickstart: Add guest users to your directory in the Azure portal](https://docs.microsoft.com/azure/active-directory/external-identities/b2b-quickstart-add-guest-users-portal)<br>\r\n💡 [Restrict guest access permissions in Azure Active Directory](https://docs.microsoft.com/azure/active-directory/enterprise-users/users-restrict-guest-permissions)<br>\r\n💡 [Properties of an Azure Active Directory B2B collaboration user](https://docs.microsoft.com/azure/active-directory/external-identities/user-properties)<br>\r\n💡 [Apply Azure security baselines to machines](https://docs.microsoft.com/azure/defender-for-cloud/apply-security-baseline)<br>\r\n\r\n### Microsoft Portals\r\n🔀 [Microsoft Defender for Cloud: Regulatory Compliance](https://portal.azure.com/#blade/Microsoft_Azure_Security/SecurityMenuBlade/22)<br>\r\n🔀 [Azure Active Directory: External Identities](https://portal.azure.com/#blade/Microsoft_AAD_IAM/CompanyRelationshipsMenuBlade/ExternalIdentitiesGettingStarted)<br>\r\n\r\n### NIST SP 800-53 Guidance\r\n[IA-8](https://csrc.nist.gov/Projects/risk-management/sp800-53-controls/release-search#/control?version=5.1&number=IA-8)<br>\r\n\r\n### Assessment\r\n"
"json": "# [Non-Organizational Users (IA-8)](https://docs.microsoft.com/azure/governance/policy/samples/nist-sp-800-53-r4#identification-and-authentication-non-organizational-users)\r\n\r\nUniquely identify and authenticate non-organizational users or processes acting on behalf of non-organizational users.\r\n\r\n### Recommended Logs\r\n🔷 [SigninLogs](https://docs.microsoft.com/azure/azure-monitor/reference/tables/signinlogs) ✳️ [Microsoft Entra ID](https://azure.microsoft.com/services/active-directory/)<br>\r\n🔷 [SecurityBaselines](https://docs.microsoft.com/azure/azure-monitor/reference/tables/securitybaseline) ✳️ [Microsoft Defender for Cloud](https://azure.microsoft.com/services/security-center/)<br> \r\n\r\n### Implementation\r\n💡 [Quickstart: Add guest users to your directory in the Azure portal](https://docs.microsoft.com/azure/active-directory/external-identities/b2b-quickstart-add-guest-users-portal)<br>\r\n💡 [Restrict guest access permissions in Microsoft Entra ID](https://docs.microsoft.com/azure/active-directory/enterprise-users/users-restrict-guest-permissions)<br>\r\n💡 [Properties of an Microsoft Entra ID B2B collaboration user](https://docs.microsoft.com/azure/active-directory/external-identities/user-properties)<br>\r\n💡 [Apply Azure security baselines to machines](https://docs.microsoft.com/azure/defender-for-cloud/apply-security-baseline)<br>\r\n\r\n### Microsoft Portals\r\n🔀 [Microsoft Defender for Cloud: Regulatory Compliance](https://portal.azure.com/#blade/Microsoft_Azure_Security/SecurityMenuBlade/22)<br>\r\n🔀 [Microsoft Entra ID: External Identities](https://portal.azure.com/#blade/Microsoft_AAD_IAM/CompanyRelationshipsMenuBlade/ExternalIdentitiesGettingStarted)<br>\r\n\r\n### NIST SP 800-53 Guidance\r\n[IA-8](https://csrc.nist.gov/Projects/risk-management/sp800-53-controls/release-search#/control?version=5.1&number=IA-8)<br>\r\n\r\n### Assessment\r\n"
},
"name": "text - 2"
},
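Review bot: The find-and-replace left an article mismatch in the IA-8 Implementation list: the new link text reads "Properties of an Microsoft Entra ID B2B collaboration user" and should be "Properties of a Microsoft Entra ID B2B collaboration user". It is worth searching the rest of the workbook JSON for other "an Microsoft Entra" leftovers from the same rename.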
@ -19729,7 +19729,7 @@
{
"type": 1,
"content": {
"json": "# [Risk Assessment (RA-3)](https://docs.microsoft.com/azure/governance/policy/samples/nist-sp-800-53-r4?WT.mc_id=Portal-fx#risk-assessment-1)\r\n\r\n\ta.Conduct a risk assessment, including:\r\n\t\t1.Identifying threats to and vulnerabilities in the system;\r\n\t\t2.Determining the likelihood and magnitude of harm from unauthorized access, use, disclosure, disruption, modification, or destruction of the system, the information it processes, stores, or transmits, and any related information; and\r\n\t\t3.Determining the likelihood and impact of adverse effects on individuals arising from the processing of personally identifiable information;\r\n\tb.Integrate risk assessment results and risk management decisions from the organization and mission or business process perspectives with system-level risk assessments;\r\n\tc.Document risk assessment results in [Selection: security and privacy plans; risk assessment report; [Assignment: organization-defined document]];\r\n\td.Review risk assessment results [Assignment: organization-defined frequency];\r\n\te.Disseminate risk assessment results to [Assignment: organization-defined personnel or roles]; and\r\n\tf.Update the risk assessment [Assignment: organization-defined frequency] or when there are significant changes to the system, its environment of operation, or other conditions that may impact the security or privacy state of the system.\r\n\r\n### Recommended Logs\r\n🔷 [SecurityRecommendation](https://docs.microsoft.com/azure/azure-monitor/reference/tables/securityrecommendation) ✳️ [Microsoft Defender for Cloud](https://azure.microsoft.com/services/security-center/)<br> 🔷 [SecurityIncident](https://docs.microsoft.com/azure/azure-monitor/reference/tables/securityincident) ✳️ [Microsoft Sentinel](https://azure.microsoft.com/services/azure-sentinel/) <br> 🔷 [AADUserRiskEvents](https://docs.microsoft.com/azure/azure-monitor/reference/tables/signinlogs) ✳️ [Azure AD: Identity 
Protection](https://azure.microsoft.com/services/active-directory/)<br>\r\n\r\n### Implementation\r\n💡 [Review your security recommendations](https://docs.microsoft.com/azure/defender-for-cloud/review-security-recommendations)<br>\r\n💡 [Automatically create incidents from Microsoft security alerts](https://docs.microsoft.com/azure/sentinel/create-incidents-from-alerts)<br>\r\n💡 [Azure Active Directory Identity Protection integration](https://docs.microsoft.com/defender-cloud-apps/aadip-integration)<br>\r\n\r\n\r\n### Microsoft Portals\r\n🔀 [Microsoft Defender for Cloud: Recommendations](https://portal.azure.com/#blade/Microsoft_Azure_Security/SecurityMenuBlade/5)<br>\r\n🔀 [Azure AD: Identity Protection](https://portal.azure.com/#blade/Microsoft_AAD_IAM/IdentityProtectionMenuBlade/Overview)<br>\r\n🔀 [Microsoft Sentinel](https://portal.azure.com/#blade/HubsExtension/BrowseResource/resourceType/microsoft.securityinsightsarg%2Fsentinel)<br>\r\n\r\n### NIST SP 800-53 Guidance\r\n[RA-3](https://csrc.nist.gov/Projects/risk-management/sp800-53-controls/release-search#/control?version=5.1&number=RA-3)<br>\r\n\r\n### Assessment\r\n"
"json": "# [Risk Assessment (RA-3)](https://docs.microsoft.com/azure/governance/policy/samples/nist-sp-800-53-r4?WT.mc_id=Portal-fx#risk-assessment-1)\r\n\r\n\ta.Conduct a risk assessment, including:\r\n\t\t1.Identifying threats to and vulnerabilities in the system;\r\n\t\t2.Determining the likelihood and magnitude of harm from unauthorized access, use, disclosure, disruption, modification, or destruction of the system, the information it processes, stores, or transmits, and any related information; and\r\n\t\t3.Determining the likelihood and impact of adverse effects on individuals arising from the processing of personally identifiable information;\r\n\tb.Integrate risk assessment results and risk management decisions from the organization and mission or business process perspectives with system-level risk assessments;\r\n\tc.Document risk assessment results in [Selection: security and privacy plans; risk assessment report; [Assignment: organization-defined document]];\r\n\td.Review risk assessment results [Assignment: organization-defined frequency];\r\n\te.Disseminate risk assessment results to [Assignment: organization-defined personnel or roles]; and\r\n\tf.Update the risk assessment [Assignment: organization-defined frequency] or when there are significant changes to the system, its environment of operation, or other conditions that may impact the security or privacy state of the system.\r\n\r\n### Recommended Logs\r\n🔷 [SecurityRecommendation](https://docs.microsoft.com/azure/azure-monitor/reference/tables/securityrecommendation) ✳️ [Microsoft Defender for Cloud](https://azure.microsoft.com/services/security-center/)<br> 🔷 [SecurityIncident](https://docs.microsoft.com/azure/azure-monitor/reference/tables/securityincident) ✳️ [Microsoft Sentinel](https://azure.microsoft.com/services/azure-sentinel/) <br> 🔷 [AADUserRiskEvents](https://docs.microsoft.com/azure/azure-monitor/reference/tables/signinlogs) ✳️ [Microsoft Entra ID: Identity 
Protection](https://azure.microsoft.com/services/active-directory/)<br>\r\n\r\n### Implementation\r\n💡 [Review your security recommendations](https://docs.microsoft.com/azure/defender-for-cloud/review-security-recommendations)<br>\r\n💡 [Automatically create incidents from Microsoft security alerts](https://docs.microsoft.com/azure/sentinel/create-incidents-from-alerts)<br>\r\n💡 [Microsoft Entra ID Protection integration](https://docs.microsoft.com/defender-cloud-apps/aadip-integration)<br>\r\n\r\n\r\n### Microsoft Portals\r\n🔀 [Microsoft Defender for Cloud: Recommendations](https://portal.azure.com/#blade/Microsoft_Azure_Security/SecurityMenuBlade/5)<br>\r\n🔀 [Microsoft Entra ID Protection](https://portal.azure.com/#blade/Microsoft_AAD_IAM/IdentityProtectionMenuBlade/Overview)<br>\r\n🔀 [Microsoft Sentinel](https://portal.azure.com/#blade/HubsExtension/BrowseResource/resourceType/microsoft.securityinsightsarg%2Fsentinel)<br>\r\n\r\n### NIST SP 800-53 Guidance\r\n[RA-3](https://csrc.nist.gov/Projects/risk-management/sp800-53-controls/release-search#/control?version=5.1&number=RA-3)<br>\r\n\r\n### Assessment\r\n"
},
"name": "text - 2"
},
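Review bot: In the RA-3 Recommended Logs line the renamed product label is "Microsoft Entra ID: Identity Protection", but the Implementation and Microsoft Portals entries in the same string were renamed to "Microsoft Entra ID Protection"; pick one form so the panel is consistent. While this string is open, note that the `AADUserRiskEvents` entry links to `.../reference/tables/signinlogs` on both the old and the new line, so an analyst following it lands on the SigninLogs table reference rather than the one for the table named in the link text. That link should point at the AADUserRiskEvents reference.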
@ -21835,7 +21835,7 @@
{
"type": 1,
"content": {
"json": "# [Transmission Confidentiality & Integrity (SC-8)](https://docs.microsoft.com/azure/governance/policy/samples/nist-sp-800-53-r4?WT.mc_id=Portal-fx#transmission-confidentiality-and-integrity)\r\n\r\nProtect the [Selection (one or more): confidentiality; integrity] of transmitted information.\r\n\r\n### Recommended Logs\r\n🔷 [SecurityRegulatoryCompliance](https://docs.microsoft.com/azure/azure-monitor/reference/tables/securityregulatorycompliance) ✳️ [Microsoft Defender for Cloud](https://azure.microsoft.com/services/security-center/)<br> \r\n\r\n### Implementation\r\n💡 [Azure encryption overview](https://docs.microsoft.com/azure/security/fundamentals/encryption-overview)<br>\r\n💡 [Device Compliance settings for Windows 10/11 in Intune](https://docs.microsoft.com/mem/intune/protect/compliance-policy-create-windows)<br>\r\n💡 [Conditional Access: Require approved client apps or app protection policy](https://docs.microsoft.com/azure/active-directory/conditional-access/howto-policy-approved-app-or-app-protection)<br>\r\n💡 [How to create and assign app protection policies](https://docs.microsoft.com/mem/intune/apps/app-protection-policies)<br>\r\n💡 [Android app protection policy settings in Microsoft Intune](https://docs.microsoft.com/mem/intune/apps/app-protection-policy-settings-android)<br>\r\n💡 [iOS app protection policy settings](https://docs.microsoft.com/mem/intune/apps/app-protection-policy-settings-ios)<br>\r\n💡 [Network access control (NAC) integration with Intune](https://docs.microsoft.com/mem/intune/protect/network-access-control-integrate)<br>\r\n💡 [What are common ways to use Conditional Access with Intune?](https://docs.microsoft.com/mem/intune/protect/conditional-access-intune-common-ways-use)<br>\r\n💡 [What is Azure ExpressRoute?](https://docs.microsoft.com/azure/expressroute/expressroute-introduction)<br>\r\n💡 [Remote Desktop Protocol](https://docs.microsoft.com/windows/win32/termserv/remote-desktop-protocol)<br>\r\n💡 [How to use SSH keys 
with Windows on Azure](https://docs.microsoft.com/azure/virtual-machines/linux/ssh-from-windows)<br>\r\n💡 [About Azure Key Vault](https://docs.microsoft.com/azure/key-vault/general/overview)<br>\r\n💡 [About VPN Gateway configuration settings](https://docs.microsoft.com/azure/vpn-gateway/vpn-gateway-about-vpn-gateway-settings)<br>\r\n\r\n### Microsoft Portals\r\n🔀 [Microsoft Defender for Cloud: Regulatory Compliance](https://portal.azure.com/#blade/Microsoft_Azure_Security/SecurityMenuBlade/22)<br>\r\n🔀 [Microsoft Endpoint Manager Admin Center](https://endpoint.microsoft.com/#home)<br>\r\n🔀 [Azure AD: Conditional Access](https://portal.azure.com/#blade/Microsoft_AAD_IAM/ConditionalAccessBlade/Policies)<br>\r\n🔀 [Key Vault](https://portal.azure.com/#blade/HubsExtension/BrowseResource/resourceType/Microsoft.KeyVault%2Fvaults)<br>\r\n🔀 [Virtual Network Gateways](https://portal.azure.com/#blade/HubsExtension/BrowseResource/resourceType/Microsoft.Network%2FvirtualNetworkGateways)<br>\r\n🔀 [ExpressRoute](https://portal.azure.com/#blade/HubsExtension/BrowseResource/resourceType/Microsoft.Network%2FexpressRouteCircuits)<br>\r\n\r\n### NIST SP 800-53 Guidance\r\n[SC-8](https://csrc.nist.gov/Projects/risk-management/sp800-53-controls/release-search#/control?version=5.1&number=SC-8)<br>\r\n\r\n### Assessment\r\n"
"json": "# [Transmission Confidentiality & Integrity (SC-8)](https://docs.microsoft.com/azure/governance/policy/samples/nist-sp-800-53-r4?WT.mc_id=Portal-fx#transmission-confidentiality-and-integrity)\r\n\r\nProtect the [Selection (one or more): confidentiality; integrity] of transmitted information.\r\n\r\n### Recommended Logs\r\n🔷 [SecurityRegulatoryCompliance](https://docs.microsoft.com/azure/azure-monitor/reference/tables/securityregulatorycompliance) ✳️ [Microsoft Defender for Cloud](https://azure.microsoft.com/services/security-center/)<br> \r\n\r\n### Implementation\r\n💡 [Azure encryption overview](https://docs.microsoft.com/azure/security/fundamentals/encryption-overview)<br>\r\n💡 [Device Compliance settings for Windows 10/11 in Intune](https://docs.microsoft.com/mem/intune/protect/compliance-policy-create-windows)<br>\r\n💡 [Conditional Access: Require approved client apps or app protection policy](https://docs.microsoft.com/azure/active-directory/conditional-access/howto-policy-approved-app-or-app-protection)<br>\r\n💡 [How to create and assign app protection policies](https://docs.microsoft.com/mem/intune/apps/app-protection-policies)<br>\r\n💡 [Android app protection policy settings in Microsoft Intune](https://docs.microsoft.com/mem/intune/apps/app-protection-policy-settings-android)<br>\r\n💡 [iOS app protection policy settings](https://docs.microsoft.com/mem/intune/apps/app-protection-policy-settings-ios)<br>\r\n💡 [Network access control (NAC) integration with Intune](https://docs.microsoft.com/mem/intune/protect/network-access-control-integrate)<br>\r\n💡 [What are common ways to use Conditional Access with Intune?](https://docs.microsoft.com/mem/intune/protect/conditional-access-intune-common-ways-use)<br>\r\n💡 [What is Azure ExpressRoute?](https://docs.microsoft.com/azure/expressroute/expressroute-introduction)<br>\r\n💡 [Remote Desktop Protocol](https://docs.microsoft.com/windows/win32/termserv/remote-desktop-protocol)<br>\r\n💡 [How to use SSH keys 
with Windows on Azure](https://docs.microsoft.com/azure/virtual-machines/linux/ssh-from-windows)<br>\r\n💡 [About Azure Key Vault](https://docs.microsoft.com/azure/key-vault/general/overview)<br>\r\n💡 [About VPN Gateway configuration settings](https://docs.microsoft.com/azure/vpn-gateway/vpn-gateway-about-vpn-gateway-settings)<br>\r\n\r\n### Microsoft Portals\r\n🔀 [Microsoft Defender for Cloud: Regulatory Compliance](https://portal.azure.com/#blade/Microsoft_Azure_Security/SecurityMenuBlade/22)<br>\r\n🔀 [Microsoft Endpoint Manager Admin Center](https://endpoint.microsoft.com/#home)<br>\r\n🔀 [ Microsoft Entra ID : Conditional Access](https://portal.azure.com/#blade/Microsoft_AAD_IAM/ConditionalAccessBlade/Policies)<br>\r\n🔀 [Key Vault](https://portal.azure.com/#blade/HubsExtension/BrowseResource/resourceType/Microsoft.KeyVault%2Fvaults)<br>\r\n🔀 [Virtual Network Gateways](https://portal.azure.com/#blade/HubsExtension/BrowseResource/resourceType/Microsoft.Network%2FvirtualNetworkGateways)<br>\r\n🔀 [ExpressRoute](https://portal.azure.com/#blade/HubsExtension/BrowseResource/resourceType/Microsoft.Network%2FexpressRouteCircuits)<br>\r\n\r\n### NIST SP 800-53 Guidance\r\n[SC-8](https://csrc.nist.gov/Projects/risk-management/sp800-53-controls/release-search#/control?version=5.1&number=SC-8)<br>\r\n\r\n### Assessment\r\n"
},
"name": "text - 2"
},
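Review bot: The new SC-8 Microsoft Portals entry has stray spaces inside the link text, `[ Microsoft Entra ID : Conditional Access]`, which will render with a leading space and a space before the colon. It should read `[Microsoft Entra ID: Conditional Access]`, matching the same entry in the IA-5 panel and the "Microsoft Entra ID: Conditional Access" `linkLabel` changed earlier in this diff.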
@ -22483,7 +22483,7 @@
{
"type": 1,
"content": {
"json": "# [Public Key Infrastructure Certificates (SC-17)](https://docs.microsoft.com/azure/governance/policy/samples/nist-sp-800-53-r4?WT.mc_id=Portal-fx#public-key-infrastructure-certificates)\r\n\r\n\ta.Issue public key certificates under an [Assignment: organization-defined certificate policy] or obtain public key certificates from an approved service provider; and\r\n\tb.Include only approved trust anchors in trust stores or certificate stores managed by the organization.\r\n\r\n### Recommended Logs\r\n🔷 [SecurityRegulatoryCompliance](https://docs.microsoft.com/azure/azure-monitor/reference/tables/securityregulatorycompliance) ✳️ [Microsoft Defender for Cloud](https://azure.microsoft.com/services/security-center/)<br> \r\n\r\n### Implementation\r\n💡 [Get started with Key Vault certificates](https://docs.microsoft.com/azure/key-vault/certificates/certificate-scenarios)<br>\r\n💡 [Certificate authorities used by Azure Active Directory](https://docs.microsoft.com/azure/active-directory/fundamentals/certificate-authorities)<br>\r\n💡 [Securing Public Key Infrastructure (PKI)](https://docs.microsoft.com/previous-versions/windows/it-pro/windows-server-2012-R2-and-2012/dn786443(v=ws.11))<br>\r\n💡 [Validate and Configure Public Key Infrastructure - Key Trust](https://docs.microsoft.com/windows/security/identity-protection/hello-for-business/hello-key-trust-validate-pki)<br>\r\n💡 [PKI certificate requirements for Configuration Manager](https://docs.microsoft.com/mem/configmgr/core/plan-design/network/pki-certificate-requirements#supported-certificate-types)<br>\r\n💡 [Configure and use PKCS certificates with Intune](https://docs.microsoft.com/mem/intune/protect/certificates-pfx-configure)<br>\r\n\r\n### Microsoft Portals\r\n🔀 [Microsoft Defender for Cloud: Recommendations](https://portal.azure.com/#blade/Microsoft_Azure_Security/SecurityMenuBlade/5)<br>\r\n🔀 [Microsoft Endpoint Manager Admin Center](https://endpoint.microsoft.com/#home)<br>\r\n🔀 [Key 
Vault](https://portal.azure.com/#blade/HubsExtension/BrowseResource/resourceType/Microsoft.KeyVault%2Fvaults)<br>\r\n🔀 [Azure Active Directory](https://portal.azure.com/#blade/Microsoft_AAD_IAM/ActiveDirectoryMenuBlade/Overview)<br>\r\n\r\n### NIST SP 800-53 Guidance\r\n[SC-17](https://csrc.nist.gov/Projects/risk-management/sp800-53-controls/release-search#/control?version=5.1&number=SC-17)<br>\r\n\r\n### Assessment\r\n"
"json": "# [Public Key Infrastructure Certificates (SC-17)](https://docs.microsoft.com/azure/governance/policy/samples/nist-sp-800-53-r4?WT.mc_id=Portal-fx#public-key-infrastructure-certificates)\r\n\r\n\ta.Issue public key certificates under an [Assignment: organization-defined certificate policy] or obtain public key certificates from an approved service provider; and\r\n\tb.Include only approved trust anchors in trust stores or certificate stores managed by the organization.\r\n\r\n### Recommended Logs\r\n🔷 [SecurityRegulatoryCompliance](https://docs.microsoft.com/azure/azure-monitor/reference/tables/securityregulatorycompliance) ✳️ [Microsoft Defender for Cloud](https://azure.microsoft.com/services/security-center/)<br> \r\n\r\n### Implementation\r\n💡 [Get started with Key Vault certificates](https://docs.microsoft.com/azure/key-vault/certificates/certificate-scenarios)<br>\r\n💡 [Certificate authorities used by Microsoft Entra ID](https://docs.microsoft.com/azure/active-directory/fundamentals/certificate-authorities)<br>\r\n💡 [Securing Public Key Infrastructure (PKI)](https://docs.microsoft.com/previous-versions/windows/it-pro/windows-server-2012-R2-and-2012/dn786443(v=ws.11))<br>\r\n💡 [Validate and Configure Public Key Infrastructure - Key Trust](https://docs.microsoft.com/windows/security/identity-protection/hello-for-business/hello-key-trust-validate-pki)<br>\r\n💡 [PKI certificate requirements for Configuration Manager](https://docs.microsoft.com/mem/configmgr/core/plan-design/network/pki-certificate-requirements#supported-certificate-types)<br>\r\n💡 [Configure and use PKCS certificates with Intune](https://docs.microsoft.com/mem/intune/protect/certificates-pfx-configure)<br>\r\n\r\n### Microsoft Portals\r\n🔀 [Microsoft Defender for Cloud: Recommendations](https://portal.azure.com/#blade/Microsoft_Azure_Security/SecurityMenuBlade/5)<br>\r\n🔀 [Microsoft Endpoint Manager Admin Center](https://endpoint.microsoft.com/#home)<br>\r\n🔀 [Key 
Vault](https://portal.azure.com/#blade/HubsExtension/BrowseResource/resourceType/Microsoft.KeyVault%2Fvaults)<br>\r\n🔀 [Microsoft Entra ID](https://portal.azure.com/#blade/Microsoft_AAD_IAM/ActiveDirectoryMenuBlade/Overview)<br>\r\n\r\n### NIST SP 800-53 Guidance\r\n[SC-17](https://csrc.nist.gov/Projects/risk-management/sp800-53-controls/release-search#/control?version=5.1&number=SC-17)<br>\r\n\r\n### Assessment\r\n"
},
"name": "text - 2"
},
@ -22679,7 +22679,7 @@
{
"type": 1,
"content": {
"json": "# [Mobile Code (SC-18)](https://docs.microsoft.com/azure/governance/policy/samples/nist-sp-800-53-r4?WT.mc_id=Portal-fx#mobile-code)\r\n\r\n\ta.Define acceptable and unacceptable mobile code and mobile code technologies; and\r\n\tb.Authorize, monitor, and control the use of mobile code within the system.\r\n\r\n### Recommended Logs\r\n🔷 [DeviceFileEvents](https://docs.microsoft.com/azure/azure-monitor/reference/tables/devicefileevents) ✳️ [Microsoft Defender for Endpoint]( https://www.microsoft.com/microsoft-365/security/endpoint-defender)<br> \r\n🔷 [OfficeActivity](https://docs.microsoft.com/azure/azure-monitor/reference/tables/officeactivity) ✳️ [Microsoft Defender for Office 365](https://www.microsoft.com/security/business/threat-protection/office-365-defender)<br> \r\n\r\n### Implementation\r\n💡 [Administer Group Policy in an Azure Active Directory Domain Services managed domain](https://docs.microsoft.com/azure/active-directory-domain-services/manage-group-policy)<br>\r\n💡 [Enable and configure Microsoft Antimalware for Azure Resource Manager VMs](https://docs.microsoft.com/azure/security/fundamentals/antimalware-code-samples)<br>\r\n💡 [Microsoft Antimalware for Azure Cloud Services and Virtual Machines](https://docs.microsoft.com/azure/security/fundamentals/antimalware)<br>\r\n💡 [Enforce compliance for Microsoft Defender for Endpoint with Conditional Access in Intune](https://docs.microsoft.com/mem/intune/protect/advanced-threat-protection)<br>\r\n💡 [Customize Web Application Firewall rules using the Azure portal](https://docs.microsoft.com/azure/web-application-firewall/ag/application-gateway-customize-waf-rules-portal)<br>\r\n💡 [Block syncing of specific file types](https://docs.microsoft.com/onedrive/block-file-types)<br>\r\n\r\n### Microsoft Portals\r\n🔀 [Microsoft 365 Defender](https://security.microsoft.com/homepage)<br>\r\n🔀 [Microsoft Endpoint Manager Admin Center](https://endpoint.microsoft.com/#home)<br>\r\n\r\n### NIST SP 800-53 
Guidance\r\n[SC-18](https://csrc.nist.gov/Projects/risk-management/sp800-53-controls/release-search#/control?version=5.1&number=SC-18)<br>\r\n\r\n### Assessment\r\n"
"json": "# [Mobile Code (SC-18)](https://docs.microsoft.com/azure/governance/policy/samples/nist-sp-800-53-r4?WT.mc_id=Portal-fx#mobile-code)\r\n\r\n\ta.Define acceptable and unacceptable mobile code and mobile code technologies; and\r\n\tb.Authorize, monitor, and control the use of mobile code within the system.\r\n\r\n### Recommended Logs\r\n🔷 [DeviceFileEvents](https://docs.microsoft.com/azure/azure-monitor/reference/tables/devicefileevents) ✳️ [Microsoft Defender for Endpoint]( https://www.microsoft.com/microsoft-365/security/endpoint-defender)<br> \r\n🔷 [OfficeActivity](https://docs.microsoft.com/azure/azure-monitor/reference/tables/officeactivity) ✳️ [Microsoft Defender for Office 365](https://www.microsoft.com/security/business/threat-protection/office-365-defender)<br> \r\n\r\n### Implementation\r\n💡 [Administer Group Policy in an Microsoft Entra ID Domain Services managed domain](https://docs.microsoft.com/azure/active-directory-domain-services/manage-group-policy)<br>\r\n💡 [Enable and configure Microsoft Antimalware for Azure Resource Manager VMs](https://docs.microsoft.com/azure/security/fundamentals/antimalware-code-samples)<br>\r\n💡 [Microsoft Antimalware for Azure Cloud Services and Virtual Machines](https://docs.microsoft.com/azure/security/fundamentals/antimalware)<br>\r\n💡 [Enforce compliance for Microsoft Defender for Endpoint with Conditional Access in Intune](https://docs.microsoft.com/mem/intune/protect/advanced-threat-protection)<br>\r\n💡 [Customize Web Application Firewall rules using the Azure portal](https://docs.microsoft.com/azure/web-application-firewall/ag/application-gateway-customize-waf-rules-portal)<br>\r\n💡 [Block syncing of specific file types](https://docs.microsoft.com/onedrive/block-file-types)<br>\r\n\r\n### Microsoft Portals\r\n🔀 [Microsoft 365 Defender](https://security.microsoft.com/homepage)<br>\r\n🔀 [Microsoft Endpoint Manager Admin Center](https://endpoint.microsoft.com/#home)<br>\r\n\r\n### NIST SP 800-53 
Guidance\r\n[SC-18](https://csrc.nist.gov/Projects/risk-management/sp800-53-controls/release-search#/control?version=5.1&number=SC-18)<br>\r\n\r\n### Assessment\r\n"
},
"name": "text - 2"
},
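Review bot: In the new Implementation entry the link text reads "Administer Group Policy in an Microsoft Entra ID Domain Services managed domain". The article should be "a", and the renamed product is Microsoft Entra Domain Services, without "ID". Suggest "Administer Group Policy in a Microsoft Entra Domain Services managed domain".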
@ -23039,7 +23039,7 @@
{
"type": 1,
"content": {
"json": "# [Session Authenticity (SC-23)](https://docs.microsoft.com/azure/governance/policy/samples/nist-sp-800-53-r4?WT.mc_id=Portal-fx#session-authenticity)\r\n\r\nProtect the authenticity of communications sessions.\r\n\r\n### Recommended Logs\r\n🔷 [SecurityRegulatoryCompliance](https://docs.microsoft.com/azure/azure-monitor/reference/tables/securityregulatorycompliance) ✳️ [Microsoft Defender for Cloud](https://azure.microsoft.com/services/security-center/)<br> \r\n\r\n### Implementation\r\n💡 [Configure authentication session management with Conditional Access](https://docs.microsoft.com/azure/active-directory/conditional-access/howto-conditional-access-session-lifetime)<br>\r\n💡 [Onboard Microsoft Defender for Cloud](https://docs.microsoft.com/azure/security-center/security-center-get-started)<br>\r\n💡 [Review your security recommendations](https://docs.microsoft.com/azure/defender-for-cloud/review-security-recommendations)<br>\r\n\r\n### Microsoft Portals\r\n🔀 [Microsoft Defender for Cloud: Recommendations](https://portal.azure.com/#blade/Microsoft_Azure_Security/SecurityMenuBlade/5)<br>\r\n🔀 [Azure AD: Conditional Access](https://portal.azure.com/#blade/Microsoft_AAD_IAM/ConditionalAccessBlade/Policies)<br>\r\n\r\n### NIST SP 800-53 Guidance\r\n[SC-23](https://csrc.nist.gov/Projects/risk-management/sp800-53-controls/release-search#/control?version=5.1&number=SC-23)<br>\r\n\r\n### Assessment\r\n"
"json": "# [Session Authenticity (SC-23)](https://docs.microsoft.com/azure/governance/policy/samples/nist-sp-800-53-r4?WT.mc_id=Portal-fx#session-authenticity)\r\n\r\nProtect the authenticity of communications sessions.\r\n\r\n### Recommended Logs\r\n🔷 [SecurityRegulatoryCompliance](https://docs.microsoft.com/azure/azure-monitor/reference/tables/securityregulatorycompliance) ✳️ [Microsoft Defender for Cloud](https://azure.microsoft.com/services/security-center/)<br> \r\n\r\n### Implementation\r\n💡 [Configure authentication session management with Conditional Access](https://docs.microsoft.com/azure/active-directory/conditional-access/howto-conditional-access-session-lifetime)<br>\r\n💡 [Onboard Microsoft Defender for Cloud](https://docs.microsoft.com/azure/security-center/security-center-get-started)<br>\r\n💡 [Review your security recommendations](https://docs.microsoft.com/azure/defender-for-cloud/review-security-recommendations)<br>\r\n\r\n### Microsoft Portals\r\n🔀 [Microsoft Defender for Cloud: Recommendations](https://portal.azure.com/#blade/Microsoft_Azure_Security/SecurityMenuBlade/5)<br>\r\n🔀 [ Microsoft Entra ID : Conditional Access](https://portal.azure.com/#blade/Microsoft_AAD_IAM/ConditionalAccessBlade/Policies)<br>\r\n\r\n### NIST SP 800-53 Guidance\r\n[SC-23](https://csrc.nist.gov/Projects/risk-management/sp800-53-controls/release-search#/control?version=5.1&number=SC-23)<br>\r\n\r\n### Assessment\r\n"
},
"name": "text - 2"
},
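Review bot: The replacement link text under Microsoft Portals is "[ Microsoft Entra ID : Conditional Access]", with a leading space inside the bracket and a space before the colon. The other renamed portal entry in this commit ("Microsoft Entra ID: Roles & Admins") has neither, so this looks like padding left behind by a search-and-replace. Suggest "[Microsoft Entra ID: Conditional Access]".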
@ -25310,7 +25310,7 @@
{
"type": 1,
"content": {
"json": "# [Software, Firmware, & Information Integrity (SI-7)](https://docs.microsoft.com/azure/governance/policy/samples/nist-sp-800-53-r4?WT.mc_id=Portal-fx#software-firmware-and-information-integrity)\r\n\r\n\ta.Employ integrity verification tools to detect unauthorized changes to the following software, firmware, and information: [Assignment: organization-defined software, firmware, and information]; and\r\n\tb.Take the following actions when unauthorized changes to the software, firmware, and information are detected: [Assignment: organization-defined actions].\r\n\r\n### Recommended Logs\r\n🔷 [SecurityBaselines](https://docs.microsoft.com/azure/azure-monitor/reference/tables/securitybaseline) ✳️ [Microsoft Defender for Cloud](https://azure.microsoft.com/services/security-center/)<br> \r\n\r\n### Implementation\r\n💡 [Firmware security](https://docs.microsoft.com/azure/security/fundamentals/firmware)<br>\r\n💡 [Platform code integrity](https://docs.microsoft.com/azure/security/fundamentals/code-integrity)<br>\r\n💡 [Secure Boot](https://docs.microsoft.com/azure/security/fundamentals/secure-boot)<br>\r\n💡 [What is Azure role-based access control (Azure RBAC)?](https://docs.microsoft.com/azure/role-based-access-control/overview)<br>\r\n💡 [File integrity monitoring in Microsoft Defender for Cloud](https://docs.microsoft.com/azure/defender-for-cloud/file-integrity-monitoring-overview)<br>\r\n💡 [Change Tracking and Inventory overview](https://docs.microsoft.com/azure/automation/change-tracking/overview)<br>\r\n\r\n### Microsoft Portals\r\n🔀 [Microsoft Defender for Cloud: Recommendations](https://portal.azure.com/#blade/Microsoft_Azure_Security/SecurityMenuBlade/5)<br>\r\n🔀 [Azure Active Directory: Roles & Admins](https://portal.azure.com/#blade/Microsoft_AAD_IAM/ActiveDirectoryMenuBlade/RolesAndAdministrators)<br>\r\n🔀 [Automation 
Accounts](https://portal.azure.com/#blade/HubsExtension/BrowseResource/resourceType/Microsoft.Automation%2FAutomationAccounts)<br>\r\n\r\n### NIST SP 800-53 Guidance\r\n[SI-7](https://csrc.nist.gov/Projects/risk-management/sp800-53-controls/release-search#/control?version=5.1&number=SI-7)<br>\r\n\r\n### Assessment\r\n"
"json": "# [Software, Firmware, & Information Integrity (SI-7)](https://docs.microsoft.com/azure/governance/policy/samples/nist-sp-800-53-r4?WT.mc_id=Portal-fx#software-firmware-and-information-integrity)\r\n\r\n\ta.Employ integrity verification tools to detect unauthorized changes to the following software, firmware, and information: [Assignment: organization-defined software, firmware, and information]; and\r\n\tb.Take the following actions when unauthorized changes to the software, firmware, and information are detected: [Assignment: organization-defined actions].\r\n\r\n### Recommended Logs\r\n🔷 [SecurityBaselines](https://docs.microsoft.com/azure/azure-monitor/reference/tables/securitybaseline) ✳️ [Microsoft Defender for Cloud](https://azure.microsoft.com/services/security-center/)<br> \r\n\r\n### Implementation\r\n💡 [Firmware security](https://docs.microsoft.com/azure/security/fundamentals/firmware)<br>\r\n💡 [Platform code integrity](https://docs.microsoft.com/azure/security/fundamentals/code-integrity)<br>\r\n💡 [Secure Boot](https://docs.microsoft.com/azure/security/fundamentals/secure-boot)<br>\r\n💡 [What is Azure role-based access control (Azure RBAC)?](https://docs.microsoft.com/azure/role-based-access-control/overview)<br>\r\n💡 [File integrity monitoring in Microsoft Defender for Cloud](https://docs.microsoft.com/azure/defender-for-cloud/file-integrity-monitoring-overview)<br>\r\n💡 [Change Tracking and Inventory overview](https://docs.microsoft.com/azure/automation/change-tracking/overview)<br>\r\n\r\n### Microsoft Portals\r\n🔀 [Microsoft Defender for Cloud: Recommendations](https://portal.azure.com/#blade/Microsoft_Azure_Security/SecurityMenuBlade/5)<br>\r\n🔀 [Microsoft Entra ID: Roles & Admins](https://portal.azure.com/#blade/Microsoft_AAD_IAM/ActiveDirectoryMenuBlade/RolesAndAdministrators)<br>\r\n🔀 [Automation Accounts](https://portal.azure.com/#blade/HubsExtension/BrowseResource/resourceType/Microsoft.Automation%2FAutomationAccounts)<br>\r\n\r\n### 
NIST SP 800-53 Guidance\r\n[SI-7](https://csrc.nist.gov/Projects/risk-management/sp800-53-controls/release-search#/control?version=5.1&number=SI-7)<br>\r\n\r\n### Assessment\r\n"
},
"name": "text - 2"
},
@ -25956,7 +25956,7 @@
{
"type": 1,
"content": {
"json": "# [Recommended Data Connectors](https://docs.microsoft.com/azure/sentinel/connect-data-sources)\r\n---\r\n\r\nAfter onboarding Microsoft Sentinel into your workspace, connect data sources to start ingesting your data into Microsoft Sentinel. Microsoft Sentinel comes with many connectors for Microsoft products, available out of the box and providing real-time integration. For example, service-to-service connectors include Microsoft 365 Defender connectors and Microsoft 365 sources, such as Office 365, Azure Active Directory (Azure AD), Microsoft Defender for Identity, and Microsoft Defender for Cloud Apps. Check out these references if you're new to Microsoft Sentinel."
"json": "# [Recommended Data Connectors](https://docs.microsoft.com/azure/sentinel/connect-data-sources)\r\n---\r\n\r\nAfter onboarding Microsoft Sentinel into your workspace, connect data sources to start ingesting your data into Microsoft Sentinel. Microsoft Sentinel comes with many connectors for Microsoft products, available out of the box and providing real-time integration. For example, service-to-service connectors include Microsoft 365 Defender connectors and Microsoft 365 sources, such as Office 365, Microsoft Entra ID, Microsoft Defender for Identity, and Microsoft Defender for Cloud Apps. Check out these references if you're new to Microsoft Sentinel."
},
"customWidth": "40",
"name": "NS Guide"
@ -26137,7 +26137,7 @@
{
"type": 1,
"content": {
"json": "### [Azure Active Directory (AAD) Connector](https://docs.microsoft.com/azure/sentinel/connect-azure-active-directory)"
"json": "### [Microsoft Entra ID Connector](https://docs.microsoft.com/azure/sentinel/connect-azure-active-directory)"
},
"customWidth": "33",
"name": "text - 2"
@ -28545,7 +28545,7 @@
{
"type": 1,
"content": {
"json": "### [Azure Active Directory Identity Protection Connector](https://docs.microsoft.com/azure/sentinel/data-connectors-reference#azure-active-directory-identity-protection)"
"json": "### [Microsoft Entra ID Protection Connector](https://docs.microsoft.com/azure/sentinel/data-connectors-reference#azure-active-directory-identity-protection)"
},
"customWidth": "33",
"name": "text - 2"

View file

@ -7,16 +7,16 @@
"Analytic Rules/NISTSP80053PostureChanged.yaml"
],
"Playbooks": [
"Playbooks/Notify_GovernanceComplianceTeam-NISTSP80053/Notify_GovernanceComplianceTeam.json",
"Playbooks/Create-AzureDevOpsTask-NISTSP80053/Open_DevOpsTaskRecommendation.json",
"Playbooks/CreateJiraIssue-NISTSP80053/Open_JIRATicketRecommendation.json"
"Playbooks/Notify_GovernanceComplianceTeam/Notify_GovernanceComplianceTeam.json",
"Playbooks/Create-AzureDevOpsTask/Open_DevOpsTaskRecommendation.json",
"Playbooks/CreateJiraIssue/Open_JIRATicketRecommendation.json"
],
"Workbooks": [
"Workbooks/NISTSP80053.json"
],
"Metadata": "SolutionMetadata.json",
"BasePath": "C:\\Github\\Azure-Sentinel\\Solutions\\NISTSP80053",
"Version": "2.0.5",
"Version": "3.0.0",
"TemplateSpec": true,
"Is1Pconnector": true
}
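Review bot: The three "Playbooks" entries drop the -NISTSP80053 suffix from their folder names, but nothing visible in this hunk shows the folders themselves being renamed. Please confirm that Playbooks/Notify_GovernanceComplianceTeam, Playbooks/Create-AzureDevOpsTask and Playbooks/CreateJiraIssue exist under the solution folder in this commit, since the packaging input for 3.0.0 now points at them. The jump from 2.0.5 to 3.0.0 is a major version bump, so a matching release-notes entry describing the rename would also help.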