CloudSploit

AZURE / Storage Accounts / Trusted MS Access Enabled

Quick Info

| | |
|-|-|
| Plugin Title | Trusted MS Access Enabled |
| Cloud | AZURE |
| Category | Storage Accounts |
| Description | Ensures that Trusted Microsoft Services Access is enabled on Storage Accounts |
| More Info | Enabling firewall rules on Storage Accounts blocks all access by default. To ensure that Microsoft and Azure services that connect to the Storage Account still retain access, trusted Microsoft services should be allowed to access the storage account. |
| AZURE Link | https://docs.microsoft.com/en-us/azure/storage/common/storage-network-security |
| Recommended Action | For each Storage Account, configure an exception for trusted Microsoft services. |

Detailed Remediation Steps

  1. Log into the Microsoft Azure Management Console.
  2. Select the "Search resources, services, and docs" option at the top and search for "Storage account".
  3. Select the "Storage account" by clicking on the "Name" link to access its configuration.
  4. Scroll down the selected "Storage account" navigation panel and, under "Security + networking", click on "Networking".
  5. On the "Networking" tab, scroll down and check under "Exceptions" whether Trusted Microsoft Services Access is enabled on the Storage Account.
  6. Repeat steps 2 - 5 to check the other Storage accounts in the account.
  7. Navigate to "Storage accounts", select the "Storage account" that needs to disable "Allow access for all networks" by clicking on its "Name", and select "Networking" under "Security + networking".
  8. On the "Firewalls and virtual networks" tab, under "Exceptions", choose the option "Allow trusted Microsoft services to access this storage account" and click on the "Save" button at the top to apply the changes.
  9. Repeat steps 7 - 8 to ensure that each Storage Account has an exception for trusted Microsoft services.
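
The manual check in steps 2 - 6 can also be run over exported account data. The following is an added example, not CloudSploit's plugin code: it assumes each account carries a `networkRuleSet` object with `defaultAction` and a comma-separated `bypass` string, as in `az storage account list` output, and the sample accounts are constructed.

```javascript
// Constructed sample input, shaped like `az storage account list` output
// (only the fields this check reads). Account names are made up.
const sampleAccounts = [
  { name: 'stlogs01', networkRuleSet: { defaultAction: 'Deny', bypass: 'AzureServices' } },
  { name: 'stdiag02', networkRuleSet: { defaultAction: 'Deny', bypass: 'Logging, Metrics' } },
  { name: 'stmixed03', networkRuleSet: { defaultAction: 'Deny', bypass: 'Metrics, AzureServices' } },
  { name: 'stnone04', networkRuleSet: { defaultAction: 'Deny', bypass: 'None' } },
  { name: 'stopen05', networkRuleSet: { defaultAction: 'Allow', bypass: 'AzureServices' } },
  { name: 'stbare06' }, // no network rule set returned at all
];

// bypass is a comma-separated string; split it rather than substring-matching.
function bypassList(account) {
  const raw = (account.networkRuleSet && account.networkRuleSet.bypass) || '';
  return raw.split(',').map((s) => s.trim().toLowerCase()).filter(Boolean);
}

// Returns one finding per account: PASS when the trusted-services exception is set.
function checkTrustedMsAccess(accounts) {
  return accounts.map((account) => {
    const rules = account.networkRuleSet || {};
    const trusted = bypassList(account).includes('azureservices');
    const firewallOn = rules.defaultAction === 'Deny';
    let message;
    if (trusted) {
      message = firewallOn
        ? 'Trusted Microsoft services exception is enabled'
        : 'Exception is enabled, but the default action is not Deny';
    } else {
      message = firewallOn
        ? 'Firewall denies by default and trusted Microsoft services are not excepted'
        : 'Trusted Microsoft services exception is not configured';
    }
    return { name: account.name, status: trusted ? 'PASS' : 'FAIL', firewallOn, message };
  });
}

for (const finding of checkTrustedMsAccess(sampleAccounts)) {
  console.log(`${finding.status}  ${finding.name}: ${finding.message}`);
}
```

For accounts that fail, the exception from step 8 can also be set with `az storage account update --name <account> --resource-group <resource-group> --bypass AzureServices`; include `Logging` and `Metrics` in the same `--bypass` list if they were already enabled.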