Question about compliance and VM's in the cloud

old.reddit.com / @/u/Weak-Cryptographer-4, https://old.reddit.com/user/Weak-Cryptographer-4

Scenario:

VM's (PAWs) in Azure - hardened
Just in Time Access
Applications on VM's only need to perform the role
Access granted to individuals that only need access to perform specific duties
Conditional access rules to allow access to applications in Azure or M365 ONLY from these VM's
VM's are accessed via laptops from someone's company laptop that feeds to MS Sentinel and is protected via AV but is NOT hardened but when VM's are accessed AES256 bit encryption is used.

Question: In this scenario, do the company laptops fall into scope if the infrastructure in Azure is 100% compliant and all work is done via privileged access workstations with JIT access with the configuration above?

submitted by /u/Weak-Cryptographer-4
[link] [comments]

published 2 months ago


Previous

Mobility solution to meet CMMC requirements
published 2 months ago

Next

Exostar Policy Pro
published 2 months ago
See all items from the same source