Ensure that Microsoft Azure Key Vaults are configured to deny access to traffic from all networks.
Access to Azure Key Vaults should be granted to specific Virtual Networks, which allow a secure network boundary for specific applications, or to public IP addresses/IP address ranges, which can enable connections from trusted Internet services and on-premises networks.
Ensure that Microsoft Azure Key Vaults can only be accessed by specific Virtual Networks.