Ensure that "Allow trusted Microsoft services to access this storage account" exception is enabled within your Azure Storage account configuration settings to grant access to trusted cloud services.
This rule resolution is part of the Cloud Conformity Security & Compliance tool for Azure
Enabling firewall rules for your storage account will block access to incoming requests for data, including from other Azure services. To allow these Azure services to work as intended and be able to access your storage account resources, you have to add an exception so that the trusted Microsoft Azure services can bypass your network rules. If the "Allow trusted Microsoft services to access this storage account" exception is enabled, the following services: Azure Backup, Azure Event Grid, Azure Site Recovery, Azure DevTest Labs, Azure Event Hubs, Azure Networking, Azure Monitor and Azure SQL Data Warehouse (when registered in the subscription), are granted access to your storage account. To enhance access security, all these cloud services are using strong authentication methods to access storage account resources.
To determine if "Allow trusted Microsoft services to access this storage account" exception is enabled, perform the following actions:
Remediation / Resolution
To allow trusted Microsoft services to access your Azure Storage accounts, perform the following actions:
Unlock the Remediation Steps
Gain free unlimited access
to our full Knowledge Base
Over 750 rules & best practices
You are auditing:
Enable Trusted Microsoft Services for Storage Account Access
Risk level: Medium