Ensure that access to your Microsoft Azure Storage blobs, files, tables and queues is limited to specific (trusted) public IP addresses and/or IP address ranges in order to protect your data against unauthorized access. Before the Cloud Conformity engine runs this conformity rule, you need to specify the list of public IPv4 addresses and/or IPv4 address ranges that are allowed to access your storage account, within the rule settings, on your Cloud Conformity account console.
This rule resolution is part of the Conformity Security & Compliance tool for Azure.
Allowing untrustworthy access to your Microsoft Azure Storage account can lead to unauthorized actions such as reading, uploading, modifying or deleting data. To prevent data exposure, data loss or unexpected charges on your Azure monthly bill, make sure that your storage account is accessible only to a short list of safelisted IP addresses representing account administrators, trusted internet-based services and/or specific on-premises networks.
Audit
To determine if the access to your storage account is restricted to specific (trusted) IP addresses/IP address ranges, perform the following actions:
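One way to express this check in code, as an added example that is not Conformity's own audit procedure: it evaluates the `networkRuleSet` object returned by `az storage account show` against a trusted list. The sample rule set and the trusted ranges are constructed for illustration (documentation IP ranges), and `audit_network_rules` is a hypothetical helper name.

```python
import ipaddress
import json

# Constructed sample in the shape of `az storage account show --query networkRuleSet`.
SAMPLE_RULESET = json.loads("""
{
  "bypass": "AzureServices",
  "defaultAction": "Deny",
  "ipRules": [
    {"action": "Allow", "ipAddressOrRange": "203.0.113.10"},
    {"action": "Allow", "ipAddressOrRange": "198.51.100.0/24"}
  ],
  "virtualNetworkRules": []
}
""")

# Assumed trusted list, standing in for the values entered in the rule settings.
TRUSTED = ["203.0.113.0/28", "192.0.2.0/24"]


def audit_network_rules(rule_set, trusted):
    """Return a list of findings; an empty list means the account conforms."""
    findings = []
    trusted_nets = [ipaddress.ip_network(t, strict=False) for t in trusted]
    # With defaultAction "Allow" every network is admitted and ipRules do not restrict anything.
    if (rule_set.get("defaultAction") or "Allow").lower() != "deny":
        findings.append("defaultAction is not Deny: account reachable from all networks")
    for rule in rule_set.get("ipRules") or []:
        value = rule.get("ipAddressOrRange", "")
        try:
            net = ipaddress.ip_network(value, strict=False)
        except ValueError:
            findings.append(f"unparseable IP rule: {value!r}")
            continue
        # An allowed range conforms only if it lies wholly inside a trusted range.
        if not any(net.version == t.version and net.subnet_of(t) for t in trusted_nets):
            findings.append(f"IP rule {value} is outside the trusted list")
    return findings


if __name__ == "__main__":
    for finding in audit_network_rules(SAMPLE_RULESET, TRUSTED):
        print(finding)
```

Comparing by containment rather than string equality means a single allowed address inside a trusted range passes, while a broader range that merely overlaps a trusted one is reported.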
Remediation / Resolution
To restrict your Azure Storage account network access to specific (trusted) IP addresses and/or IP ranges, perform the following actions:
You are auditing:
Limit Storage Account Access by IP Address
Risk Level: Medium