ServiceNow CMDB CI relationship sync: faster, more complete →
Mods
Azure

Policy: Azure > CIS v2.0 > 01 - Identity and Access Management > 1.24 Ensure a Custom Role is Assigned Permissions for Administering Resource Locks > Attestation

From Azure Portal

1. In the Azure portal, open a subscription or resource group where you want the custom role to be assigned. 2. Select Access control (IAM). 3. Click Add. 4. Select Add custom role. 5. In the Custom Role Name field enter Resource Lock Administrator. 6. In the Description field enter Can Administer Resource Locks. 7. For Baseline permissions select Start from scratch 8. Select next. 9. In the Permissions tab select Add permissions. 10.In the Search for a permission box, type in Microsoft.Authorization/locks to search for permissions. 11.Select the check box next to the permission Microsoft.Authorization/locks. 12.Select Add. 13.Select Review + create. 14.Select Create. 15.Assign the newly created role to the appropriate user.

Once verified, enter the date that this attestation expires. Note that the date can not be further in the future than is specified in report level Maximum Attestation Duration policy. Set to a blank value to clear the attestation.

Resource Types

This policy targets the following resource types:

Primary Policy

This policy is used with the following primary policy:

Controls

Policy Specification

Schema Type
string

Category

In Your Workspace

Developers