Blob Containers anonymous access should be restricted

azure.storage

Description

Ensures that Azure Storage Blob Containers are not publicly accessible.

Rationale

Anonymous access to Azure storage blob containers allows unauthenticated users to perform operations against the blob container. Datadog recommends allowing only authenticated users to access storage blobs.

Remediation

Datadog recommends both making the Blob Container private and blocking public access at the storage account level.

From the Console

Follow the "Set the public access level for a container - Azure Console" guide to disable anonymous read access with the Azure Console.

Follow the "Remediate anonymous public access for the storage account" guide to block public access at the storage account level with the Azure Console.

From the Azure CLI

Follow the "Set the public access level for a container - Azure CLI" guide to disable anonymous read access with the Azure CLI.

Follow the "Remediate anonymous public access for the storage account" guide to block public access at the storage account level with the Azure CLI.
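
The two remediation steps above, sketched as an Azure CLI script. This is an added example, not taken from Datadog or from the linked Microsoft guides; the function names are hypothetical, and the storage account, resource group and container names are arguments supplied by the caller.

```shell
#!/bin/sh
# Added example: audit, then remediate, anonymous blob access with the Azure CLI.
# Function names are hypothetical; account, resource group and container
# names are supplied by the caller. Assumes `az login` has been run.

# True (exit 0) when the container's access level is "blob" or "container".
# $1 = storage account, $2 = container
container_is_public() {
  level=$(az storage container show-permission \
            --name "$2" --account-name "$1" --query publicAccess -o tsv)
  case "$level" in
    blob|container) return 0 ;;
    *) return 1 ;;   # "off" means private
  esac
}

# True (exit 0) unless the account explicitly blocks public access.
# Conservative assumption: an unset (null) property is reported as a finding.
# $1 = storage account, $2 = resource group
account_allows_public() {
  allowed=$(az storage account show --name "$1" --resource-group "$2" \
              --query allowBlobPublicAccess -o json)
  [ "$allowed" != "false" ]
}

# Make each listed container private, then block public access account-wide.
# $1 = storage account, $2 = resource group, $3... = containers to check
remediate() {
  account=$1; rg=$2; shift 2
  for c in "$@"; do
    if container_is_public "$account" "$c"; then
      echo "container $c is public; setting access level to off"
      az storage container set-permission \
        --name "$c" --account-name "$account" --public-access off
    fi
  done
  if account_allows_public "$account" "$rg"; then
    echo "account $account allows public access; blocking it"
    az storage account update --name "$account" --resource-group "$rg" \
      --allow-blob-public-access false
  fi
}

# Usage: sh script.sh <account> <resource-group> <container>...
if [ "$#" -ge 3 ]; then remediate "$@"; fi
```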