Blob Container Private Access
Ensures that all blob containers do not have anonymous public access set
Blob containers set with public access enables anonymous users to read blobs within a publicly accessible container without authentication. All blob containers should have private access configured.
Recommended Actions
Follow the appropriate remediation steps below to resolve the issue.
-
Log into the Microsoft Azure Management Console.
-
Find the search bar at the top and search for Storage account.
-
Select the “Storage account” by clicking on the “Name” link to access the configuration changes.
-
In the left navigation panel click on “Containers” under “Data storage”.
-
In the Containers List, select the container for which the column “Public access level” shows “Blob” or “Container” and click on “Change access level” button at the top.
-
In the “Change access level” pop up the “Public access level” dropdown should be set to “Private(no anonymous access)”. If it is set to “Blob” or “Container” then anonymous requests are allowed at the service level and this is against azure best practices.
-
In the “Change access level” pop up click on the “Public access level” dropdown and select “Private(no anonymous access)” and click “OK” to make the necessary changes.
-
Repeat steps number 5 - 7 to ensure that all blob containers have private access level.