Severity: High
Description: The storage container that holds exported Activity Log data must not be publicly accessible. Anonymous read access to that container would disclose the subscription's activity records (who did what, to which resource, and when) to anyone who knows or guesses the blob URL.
Remediation Steps: Set the public access level of the container holding Activity Log data to Private, and disable Allow Blob public access on the storage account that contains it.
Description: This control checks that each blob container's Public access level is set to Private, which denies anonymous access. Anonymous public read access to a container lets anyone read its blobs without the storage account key and without a shared access signature; at the Blob level a caller needs to know the blob URL, while at the Container level the caller can additionally list every blob in the container. Do not grant anonymous access to blob containers, least of all to those holding logs.
Remediation Steps:
Perform the following in the Azure Portal to update the settings:
Log in to the Azure Portal at https://portal.azure.com.
Go to Storage Accounts.
For each storage account, open Containers under Blob service.
For each container, click Change access level.
Set Public access level to Private (no anonymous access).
For each storage account, open Configuration under Settings.
Set Allow Blob public access to Disabled. This account-level setting takes precedence over the per-container access level: while it is Disabled, no container in the account can be made public, so apply it even after every container has been set to Private, otherwise a later change to a single container's access level silently re-exposes the data.
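The portal steps above do not scale across many accounts, and they offer no way to prove the state afterwards. The script below is an added example, not code from the original page or from Microsoft: it evaluates JSON in the shape returned by `az storage account list -o json` and, per account, `az storage container list --account-name <name> --auth-mode login -o json` (the field names `allowBlobPublicAccess`, `resourceGroup` and `properties.publicAccess` are assumed from that CLI output), reports every account or container that still permits anonymous access, and emits the az CLI command that closes each finding. The account and container names in the sample data are constructed; treating a missing `allowBlobPublicAccess` value as "not disabled" is a deliberate conservative assumption.

```python
# Added example (not from the original page): audit storage accounts and
# blob containers for anonymous access and print the az CLI remediation.
# Input shape assumed from `az storage account list` / `az storage container list`.
from typing import Dict, List, Optional


def account_allows_public(account: dict) -> bool:
    """True unless 'Allow Blob public access' is explicitly disabled.

    A null/missing value is treated as a finding (assumption): the setting
    was unset on accounts created before it existed, and those accounts
    still honour a container-level public ACL.
    """
    return account.get("allowBlobPublicAccess") is not False


def container_public_level(container: dict) -> Optional[str]:
    """Return 'container', 'blob' or None (Private) for one container record."""
    props = container.get("properties") or {}
    return props.get("publicAccess")


def audit(accounts: List[dict], containers: Dict[str, List[dict]]) -> List[dict]:
    """Evaluate every account and its containers; return a list of findings.

    `containers` maps account name -> container records for that account.
    Each finding carries the exact az CLI command that fixes it.
    """
    findings = []
    for acct in accounts:
        name, rg = acct["name"], acct["resourceGroup"]
        if account_allows_public(acct):
            findings.append({
                "account": name,
                "container": None,
                "level": "account: Allow Blob public access is not disabled",
                "fix": (f"az storage account update --name {name} "
                        f"--resource-group {rg} --allow-blob-public-access false"),
            })
        for cont in containers.get(name, []):
            level = container_public_level(cont)
            if level is not None:
                findings.append({
                    "account": name,
                    "container": cont["name"],
                    "level": f"container: public access level '{level}'",
                    "fix": (f"az storage container set-permission "
                            f"--name {cont['name']} --account-name {name} "
                            f"--public-access off --auth-mode login"),
                })
    return findings


# Constructed sample data mirroring the CLI output shape (not real accounts).
SAMPLE_ACCOUNTS = [
    {"name": "stactivitylogs", "resourceGroup": "rg-monitoring",
     "allowBlobPublicAccess": True},
    {"name": "stlegacy", "resourceGroup": "rg-monitoring",
     "allowBlobPublicAccess": None},
    {"name": "sthardened", "resourceGroup": "rg-monitoring",
     "allowBlobPublicAccess": False},
]
SAMPLE_CONTAINERS = {
    "stactivitylogs": [
        {"name": "insights-activity-logs", "properties": {"publicAccess": "container"}},
        {"name": "backups", "properties": {"publicAccess": None}},
    ],
    "stlegacy": [
        {"name": "exports", "properties": {"publicAccess": "blob"}},
    ],
    "sthardened": [
        {"name": "insights-activity-logs", "properties": {"publicAccess": None}},
    ],
}

if __name__ == "__main__":
    for f in audit(SAMPLE_ACCOUNTS, SAMPLE_CONTAINERS):
        target = f["container"] or "(account setting)"
        print(f"{f['account']}/{target}: {f['level']}\n    {f['fix']}")
```

Run it against real output by loading the two JSON documents in place of the sample dictionaries; the account-level command is the one that actually enforces the control, and the container-level command is still worth running so that the recorded ACL matches policy once it is re-enabled by mistake.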
Important:
Reference:
CIS Microsoft Azure Foundations Benchmark v1.3.0 - 02-01-2021 : Recommendation #3.5
https://docs.microsoft.com/en-us/azure/storage/blobs/storage-manage-access-to-resources