Plugin Title | Blob Container Private Access |
Cloud | AZURE |
Category | Blob Service |
Description | Ensures that no blob container has anonymous public access set |
More Info | Blob containers configured with public access allow anonymous users to read blobs within the publicly accessible container without authentication. All blob containers should have private access configured. |
AZURE Link | https://docs.microsoft.com/en-us/azure/storage/blobs/storage-blobs-introduction |
Recommended Action | Ensure each blob container is configured to restrict anonymous access |
1. Log in to the Microsoft Azure Management Console.
2. Find the search bar at the top and search for "Storage account".
3. Select the storage account by clicking its "Name" link to open its configuration.
4. In the left navigation panel, click "Containers" under "Data storage".
5. In the Containers list, select the container whose "Public access level" column shows "Blob" or "Container", then click the "Change access level" button at the top.
6. In the "Change access level" pop-up, the "Public access level" dropdown should be set to "Private (no anonymous access)". If it is set to "Blob" or "Container", anonymous requests are allowed at the service level, which is against Azure best practices.
7. In the "Change access level" pop-up, click the "Public access level" dropdown, select "Private (no anonymous access)" and click "OK" to apply the change.
8. Repeat steps 5 - 7 for every blob container so that all of them have the private access level.
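
The same check can be run across a whole storage account instead of container by container in the portal. The following is an added example, not part of the plugin or of Azure's documentation: it audits a container listing in the JSON shape printed by `az storage container list -o json` (assumed shape, constructed sample data) and builds the matching `az storage container set-permission --public-access off` commands. The account name `examplestorageacct` and the container names are placeholders.

```python
import json
import shlex

# Constructed sample in the shape printed by
# `az storage container list --account-name <account> -o json` (assumed shape;
# only "name" and "properties.publicAccess" are read).
SAMPLE_LISTING = """[
  {"name": "app-logs",   "properties": {"publicAccess": null}},
  {"name": "web-assets", "properties": {"publicAccess": "blob"}},
  {"name": "exports",    "properties": {"publicAccess": "container"}},
  {"name": "legacy",     "properties": {}}
]"""

PRIVATE_VALUES = {"", "off", "none"}    # portal: "Private (no anonymous access)"
PUBLIC_VALUES = {"blob", "container"}   # portal: "Blob" / "Container"

def audit_containers(listing_json):
    """Return a (name, status, detail) tuple for every container listed."""
    results = []
    for entry in json.loads(listing_json):
        name = entry.get("name", "<unnamed>")
        props = entry.get("properties") or {}
        if "publicAccess" not in props:
            # Fail closed: a missing field is reported, not assumed private.
            results.append((name, "UNKNOWN", "publicAccess not reported"))
            continue
        level = props["publicAccess"]
        key = "off" if level is None else str(level).lower()
        if key in PRIVATE_VALUES:
            results.append((name, "PASS", "private"))
        elif key in PUBLIC_VALUES:
            results.append((name, "FAIL", f"anonymous access level: {key}"))
        else:
            results.append((name, "UNKNOWN", f"unrecognised level: {level!r}"))
    return results

def remediation_commands(account, results):
    """Build one CLI command per failing container (returned, never executed)."""
    return [
        "az storage container set-permission"
        f" --account-name {shlex.quote(account)}"
        f" --name {shlex.quote(name)} --public-access off"
        for name, status, _ in results if status == "FAIL"
    ]

if __name__ == "__main__":
    findings = audit_containers(SAMPLE_LISTING)
    print(*findings, *remediation_commands("examplestorageacct", findings), sep="\n")
```

Containers reported as `UNKNOWN` should be checked by hand in the portal before they are treated as compliant.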