HIGH
Source: CloudSploit
ID: blob-container-private-access

Blob Container Private Access

Ensures that no blob container has anonymous public access set.

A blob container set with public access enables anonymous users to read blobs within that publicly accessible container without authentication. All blob containers should have private access configured.

Follow the appropriate remediation steps below to resolve the issue.

  1. Log into the Microsoft Azure Management Console.

  2. Find the search bar at the top and search for Storage account.

  3. Select the “Storage account” by clicking on the “Name” link to access the configuration changes.

  4. In the left navigation panel click on “Containers” under “Data storage”.

  5. In the Containers List, select the container for which the column “Public access level” shows “Blob” or “Container” and click the “Change access level” button at the top.

  6. In the “Change access level” pop-up, the “Public access level” dropdown should be set to “Private(no anonymous access)”. If it is set to “Blob” or “Container”, then anonymous requests are allowed at the service level, which is against Azure best practices.

  7. In the “Change access level” pop-up, click on the “Public access level” dropdown, select “Private(no anonymous access)” and click “OK” to make the necessary changes.

  8. Repeat steps 5 - 7 to ensure that all blob containers have the private access level.
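
The same check can be scripted when there are too many containers to review by hand. The following is an added example, not CloudSploit's own code: it assumes a listing shaped like the JSON that `az storage container list --output json` returns (a `properties.publicAccess` field that is null for private containers), and the sample listing and the account name `examplestorageacct` are constructed.

```python
import json
import shlex

# Constructed sample modelled on `az storage container list --output json`
# (assumption: each entry carries properties.publicAccess, null when private).
SAMPLE_LISTING = """
[
  {"name": "invoices",   "properties": {"publicAccess": null}},
  {"name": "site-media", "properties": {"publicAccess": "blob"}},
  {"name": "exports",    "properties": {"publicAccess": "Container"}},
  {"name": "logs",       "properties": {}}
]
"""

PRIVATE_VALUES = {None, "", "none", "off"}   # spellings treated as private
PUBLIC_VALUES = {"blob", "container"}        # the two levels named in step 5


def find_public_containers(listing_json):
    """Return [(name, level)] for containers that are not private."""
    findings = []
    for entry in json.loads(listing_json):
        raw = (entry.get("properties") or {}).get("publicAccess")
        level = str(raw).lower() if raw is not None else None
        if level in PRIVATE_VALUES:
            continue
        # Unrecognised values are reported for review, not assumed private.
        findings.append((entry["name"], level if level in PUBLIC_VALUES else "unknown"))
    return findings


def remediation_commands(account_name, findings):
    """Build the CLI equivalent of steps 5 - 7 for each finding."""
    template = ("az storage container set-permission "
                "--account-name {} --name {} --public-access off")
    return [template.format(shlex.quote(account_name), shlex.quote(name))
            for name, _level in findings]


if __name__ == "__main__":
    found = find_public_containers(SAMPLE_LISTING)
    for name, level in found:
        print(f"FAIL {name}: public access level = {level}")
    for cmd in remediation_commands("examplestorageacct", found):
        print(cmd)
```

Review the generated commands before running them: a container that intentionally serves public content will stop doing so once its access level is set to private.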