Storage containers storing activity logs should only be accessible by authorized personnel

This page is not yet available in Spanish. We are working on its translation.
If you have any questions or feedback about our current translation project, feel free to reach out to us!

Description

Storage account containers containing activity log exports should not be publicly accessible. Allowing public access to activity log content may help an adversary identify weaknesses in the affected account’s usage or configuration.

Remediation

From the console

  1. Search for Storage Accounts in the Azure Portal.
  2. Click on the storage account name.
  3. Click Configuration under Settings.
  4. Select Enabled under Allow Blob public access.
  5. Click Containers under Data Storage on the side panel.
  6. Select the insights-activity-logs container.
  7. Click Change access level and set it to Private (no anonymous access), then click OK.