Ensure that access to your Microsoft Azure Storage blobs, files, tables and queues is limited to specific (trusted) public IP addresses and/or IP address ranges in order to protect your data against unauthorized access. To enable this conformity rule, you must first define the specific public IPv4 addresses or ranges that are authorized to access your storage account. This configuration is done within the rule settings on your Trend Cloud One™ – Conformity account console.
This rule resolution is part of the Conformity Security & Compliance tool for Azure.
Allowing untrusted network access to your Microsoft Azure Storage account can lead to unauthorized actions such as reading, uploading, modifying or deleting data. To prevent data exposure, data loss or unexpected charges on your Azure monthly bill, make sure that your storage account is accessible only to a short list of authorized IP addresses representing account administrators, trusted internet-based services and/or specific on-premises networks.
Audit
To determine whether access to your storage account is restricted to specific (trusted) IP addresses/IP address ranges, perform the following operations:
Remediation / Resolution
To restrict your Azure Storage account network access to specific, trusted IP addresses and/or IP ranges, perform the following operations:
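The following Python script is an added example (not part of the Conformity rule page or the Azure CLI) that serves both the Audit and the Remediation sections: it evaluates the `networkRuleSet` block returned by `az storage account show` against a trusted IP list and emits the `az storage account update` / `network-rule remove` / `network-rule add` commands needed to fix a non-compliant account. The account records and the trusted list are constructed sample data, and the field names (`defaultAction`, `ipRules`, `ipAddressOrRange`, `resourceGroup`) are assumed to match the CLI's JSON output.

```python
import ipaddress
import json

# Constructed sample in the shape of `az storage account show` output (trimmed to
# name, resourceGroup and networkRuleSet); not captured from a real tenant.
SAMPLE_ACCOUNTS = json.loads("""[
 {"name": "stgprodlogs", "resourceGroup": "rg-prod", "networkRuleSet": {
   "defaultAction": "Deny", "bypass": "AzureServices", "virtualNetworkRules": [],
   "ipRules": [{"action": "Allow", "ipAddressOrRange": "203.0.113.10"},
               {"action": "Allow", "ipAddressOrRange": "198.51.100.0/24"}]}},
 {"name": "stgdevscratch", "resourceGroup": "rg-dev", "networkRuleSet": {
   "defaultAction": "Allow", "bypass": "AzureServices", "virtualNetworkRules": [],
   "ipRules": []}},
 {"name": "stgpartner", "resourceGroup": "rg-prod", "networkRuleSet": {
   "defaultAction": "Deny", "bypass": "AzureServices", "virtualNetworkRules": [],
   "ipRules": [{"action": "Allow", "ipAddressOrRange": "192.0.2.0/24"}]}}
]""")

# Trusted public IPv4 addresses/ranges, i.e. what the rule settings would hold (constructed).
TRUSTED = [ipaddress.ip_network(n) for n in ("203.0.113.10/32", "198.51.100.0/24")]

def is_trusted(ip_or_range: str) -> bool:
    """True if an IP rule value lies entirely inside one of the trusted networks."""
    net = ipaddress.ip_network(ip_or_range, strict=False)
    return any(t.version == net.version and net.subnet_of(t) for t in TRUSTED)

def audit_account(account: dict) -> list:
    """Findings for one account; an empty list means the rule is satisfied."""
    findings, rules = [], account["networkRuleSet"]
    if rules.get("defaultAction") != "Deny":
        findings.append("defaultAction is not Deny: every network can reach the account")
    for rule in rules.get("ipRules", []):
        if not is_trusted(rule["ipAddressOrRange"]):
            findings.append(f"IP rule {rule['ipAddressOrRange']} is outside the trusted list")
    return findings

def audit_all(accounts: list) -> dict:
    """Map account name -> findings over the whole `az storage account list` output."""
    return {a["name"]: audit_account(a) for a in accounts}

def remediation_commands(account: dict) -> list:
    """Azure CLI commands that bring one account in line with the trusted list."""
    name, rg, rules = account["name"], account["resourceGroup"], account["networkRuleSet"]
    base, cmds = f"--account-name {name} --resource-group {rg}", []
    if rules.get("defaultAction") != "Deny":  # close the door before trimming the allow list
        cmds.append(f"az storage account update --name {name} --resource-group {rg} --default-action Deny")
    present = [r["ipAddressOrRange"] for r in rules.get("ipRules", [])]
    cmds += [f"az storage account network-rule remove {base} --ip-address {v}"
             for v in present if not is_trusted(v)]
    for t in TRUSTED:  # add any trusted entry that is not already configured
        text = str(t.network_address) if t.prefixlen == 32 else str(t)
        if text not in present:
            cmds.append(f"az storage account network-rule add {base} --ip-address {text}")
    return cmds
```

Run `audit_all(json.load(open("accounts.json")))` over a saved `az storage account list` dump to get per-account findings, then review the emitted commands before executing them.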
References
- Azure Official Documentation
  - Manage storage account access keys
  - Configure Azure Storage firewalls and virtual networks
- Azure PowerShell Documentation
  - az storage account list
  - az storage account show
  - az storage account network-rule remove
  - az storage account network-rule add