Storage Account Public Access Should Be Disallowed
- Jase T. English
- Solomon F Prophete
Description:
Anonymous public read access to containers and blobs in Azure Storage may present a security risk. By default, public access to your blob data is always prohibited.
However, the default configuration for a storage account permits a user with appropriate permissions to configure public access to containers and blobs in a storage account. For enhanced security, you can disallow all public access to storage account, regardless of the public access setting for an individual container. Disallowing public access to the storage account prevents a user from enabling public access for a container in the account. Microsoft recommends that you disallow public access to a storage account unless your scenario requires it.
Solution:
To disallow public access for a storage account in the Azure portal:
Navigate to your storage account in the Azure portal.
Locate the Configuration setting under Settings.
Set Blob public access to Disabled.
Reference:
Full instructions to perform this can be found here: https://docs.microsoft.com/en-us/azure/storage/blobs/anonymous-read-access-configure?tabs=portal#allow-or-disallow-public-read-access-for-a-storage-account