Severity : Critical
Description: This control ensures that admin user account is disable. Container registry includes an admin user account, which is disabled by default. This admin account is currently required for some scenarios to deploy an image from a container registry to certain Azure services. This admin account is designed for a single user to access the registry, mainly for testing purposes. All users authenticating with the admin account appear as a single user with push and pull access to the registry. It is recommend not sharing the admin account credentials among multiple users. Individual identity is recommended for users and service principals for headless scenarios.
Remediation Steps:
Perform following to disable Admin User :
Login to Azure Portal usingĀ https://portal.azure.com.
Navigate to Azure Container registers service.
Under Settings, Select Access Keys.
In Admin User section, Select Disable..
Important:
Reference: