Ensure that the "Public access level" configuration setting is set to "Private (no anonymous access)" for all blob containers in your storage account in order to block anonymous access to these Microsoft Azure resources.
This rule resolution is part of the Conformity Security & Compliance tool for Azure.
A user who accesses blob containers anonymously can use constructors that do not require credentials, such as shared access signatures. Cloud Conformity strongly recommends disabling anonymous access to all blob containers provisioned within your storage account unless it is strictly required. To adhere to Azure cloud security best practices, use a shared access signature (SAS) token to provide controlled, time-limited access to your blob containers.
Audit
To determine if anonymous access to Azure Storage blob containers is disabled, perform the following actions:
Remediation / Resolution
To disable anonymous access to blob containers within your Microsoft Azure Storage accounts, perform the following actions:
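One way to script the audit and prepare the fix with the Azure CLI commands named under References. This is an added example, not Conformity's own procedure. It assumes `az` is already authenticated for the account, that `az storage container list` reports the level as `properties.publicAccess`, and that `examplestorageacct` and the sample container names are placeholders.

```sh
#!/bin/sh
# Added example, not Conformity's procedure. Assumes az is logged in with
# data-plane access; "examplestorageacct" is a placeholder account name.

# Keep only rows whose access level is not private. Input rows are
# "name<TAB>publicAccess"; tsv output renders a null (private) level as "None".
flag_public_containers() {
  awk -F '\t' '
    { lvl = tolower($2) }
    lvl == "" || lvl == "none" || lvl == "off" { next }
    { print $1 "\t" lvl }'
}

# Print (never run) one remediation command per flagged row.
# Names that break the container naming rules are skipped.
remediation_commands() {
  awk -F '\t' -v acct="$1" '
    $1 !~ /^[a-z0-9-]+$/ { next }
    { printf "az storage container set-permission --account-name %s --name %s --public-access off\n", acct, $1 }'
}

# Live audit of one storage account.
audit_account() {
  az storage container list --account-name "$1" \
    --query "[].[name, properties.publicAccess]" --output tsv |
    flag_public_containers
}

# Constructed sample rows standing in for the az output above.
sample_rows() {
  printf 'logs\tNone\nwebassets\tblob\nexports\tcontainer\nbackups\tNone\n'
}

if [ "$#" -gt 0 ]; then
  audit_account "$1" | remediation_commands "$1"
else
  sample_rows | flag_public_containers | remediation_commands examplestorageacct
fi
```

Run it with a storage account name to audit that account; the printed `set-permission` commands are meant to be reviewed before anyone executes them.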
References
- Azure Official Documentation
- Manage anonymous read access to containers and blobs
- CIS Microsoft Azure Foundations
- Azure Command Line Interface (CLI) Documentation
- az
- az storage account list
- az storage container list
- az storage container show
- az storage container set-permission
Disable Anonymous Access to Blob Containers
Risk Level: Medium