Secure your data by disabling anonymous access to blob containers provisioned within your Azure Storage account. This action effectively prevents public, unauthenticated access to your sensitive blob data.
This rule resolution is part of the Conformity Security & Compliance tool for Azure.
A user who accesses blob containers anonymously can use constructors that do not require credentials such as shared access signatures. To adhere to security best practices, it is strongly recommended to disable anonymous access to each blob container in your Azure Storage account unless it is absolutely necessary. A shared access signature token should only be used to provide controlled and time-limited access to your blob containers.
Audit
To determine whether anonymous access to Azure Storage blob containers is disabled, perform the following operations:
Remediation / Resolution
To disable public (anonymous) access to the blob containers provisioned within your Microsoft Azure Storage account, perform the following operations:
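The audit and remediation can be scripted with the Azure CLI commands listed under References. The following is an added example, not Conformity's own procedure; the function names and sample rows are constructed for illustration, and it assumes `az` is signed in, the right subscription is selected with `az account set`, and the CLI can obtain credentials for the storage account.

```shell
#!/bin/sh
# Added example: find and fix containers that allow anonymous read access.
TAB="$(printf '\t')"

# Constructed sample rows (not real output) in the "name<TAB>publicAccess"
# shape produced by the --query/--output tsv call in audit_account below.
sample_rows() {
  printf 'logs\tNone\nwebassets\tblob\nexports\tContainer\nbackups\t\n'
}

# Read "name<TAB>level" rows on stdin and print only the exposed containers.
# Private containers report no level (empty, "None"/"null") or "off".
# Any other value is reported, so an unexpected level fails closed.
find_public_containers() {
  awk -F'\t' '{
    level = tolower($2)
    if ($1 != "" && level != "" && level != "none" && level != "null" && level != "off")
      printf "%s\t%s\n", $1, level
  }'
}

# Audit: list the containers of one storage account and keep the exposed ones.
audit_account() {
  az storage container list \
      --account-name "$1" \
      --query "[].[name, properties.publicAccess]" --output tsv |
    find_public_containers
}

# Remediation: set every exposed container back to private access.
remediate_account() {
  account="$1"
  audit_account "$account" | while IFS="$TAB" read -r name level; do
    echo "disabling '$level' anonymous access on $account/$name" >&2
    az storage container set-permission \
        --name "$name" --account-name "$account" --public-access off
  done
}
```

Run `audit_account <storage-account-name>` for each account returned by `az storage account list`; empty output means no container in that account allows anonymous access.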
References
- Azure Official Documentation
  - Configure anonymous read access for containers and blobs
  - Remediate anonymous read access to blob data (Azure Resource Manager deployments)
- Azure Command Line Interface (CLI) Documentation
  - az account list
  - az account set
  - az storage account list
  - az storage container list
  - az storage container show
  - az storage container set-permission