Azure-StorageAccounts-Log-Container-Public-Access

Severity : High

Description: This control ensures that Public Access Level is set to Private to restrict anonymous access to the containers. Anonymous, public read access to a container grants read-only access to these resources without sharing the account key, and without requiring a shared access signature. It is recommended not to provide anonymous access to blob containers.

Remediation Steps:

Perform following to update Storage Account public access :

1. Login to Azure Portal using https://portal.azure.com.

2. Go to Storage Accounts.

3. For each storage account, go to Containers under BLOB SERVICE.

4. For each container, click Change Access level.

5. Set Public access level to Private (no anonymous access).

6. For each storage account, go to Configuration under Settings.

7. Go to Allow Blob public access.

8. Set Disabled.

Important:

Reference:

• CIS Microsoft Azure Foundations Benchmark v1.3.0 - 02-01-2021 : Recommendation #3.5

• https://docs.microsoft.com/en-us/azure/storage/blobs/storage-manage-access-to-resources