---
names:
  full: Privileged Azure Virtual Machine is accessed by identities without MFA
  contextual: Privileged Virtual Machine is accessed by identities without MFA
description: "Verify identities without MFA that can log in to a privileged virtual\
  \ machine using separate login credentials. An adversary can leverage the access\
  \ to move laterally and perform actions with the virtual machine's managed identity.\
  \ Make sure the virtual machine only has necessary permissions, and revoke the admin-level\
  \ permissions according to the principle of least privilege."
impossible: true
type: COMPLIANCE_POLICY
categories:
  - SECURITY
frameworkMappings:
  - "/frameworks/cis-azure-v6.0.0/03/01/01"
  - "/frameworks/cloudaware/identity-and-access-governance/mfa-implementation"