More Info:

Anonymous, public read access to a container and its blobs can be enabled in Azure Blob storage. It grants read-only access to these resources without sharing the account key and without requiring a shared access signature. Do not provide anonymous access to blob containers unless there is a strong need for it. To give controlled, time-limited access to blob containers, use a shared access signature token instead.

Risk Level

Medium

Address

Security

Compliance Standards

SOC2, ISO27001, GDPR, CISAZURE, CBP, NISTCSF

Triage and Remediation

Remediation

To remediate blob containers that allow public access in Azure, follow these steps:

  1. Login to your Azure portal (https://portal.azure.com/).

  2. Navigate to the storage account that contains the Blob Container that has public access enabled.

  3. Click on the Blob Container that has public access enabled.

  4. Click on the “Access Policy” option from the left-hand menu.

  5. From the “Public access level” dropdown, select the option “Private (no anonymous access)”.

  6. Click on the “Save” button to save the changes.

  7. Repeat the above steps for all Blob Containers that have public access enabled.

By following the above steps, you have successfully remediated the issue of Blob Containers Allowing Public Access in Azure.
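Step 7 is easier to get right when the affected containers are enumerated rather than clicked through one by one. The following added example (not part of the original page) reads a listing saved from `az storage container list --account-name <account> -o json`, reports every container whose access level is not private, and builds the CLI equivalent of steps 3 to 6 for each one. The sample listing, container names and the account name `examplestorageacct` are constructed placeholders.

```python
import json
import shlex

# Constructed sample shaped like `az storage container list -o json` output,
# trimmed to the fields used here. Container names are made up.
SAMPLE_LISTING = """
[
  {"name": "app-logs",    "properties": {"publicAccess": null}},
  {"name": "site-assets", "properties": {"publicAccess": "blob"}},
  {"name": "exports",     "properties": {"publicAccess": "container"}},
  {"name": "legacy",      "properties": {}}
]
"""

# "container" also lets anonymous callers list blobs; "blob" requires the blob URL.
EXPOSURE = {"container": "anonymous read and list", "blob": "anonymous read of blobs"}


def find_public_containers(listing_json):
    """Return (name, level) for every container that is not private."""
    findings = []
    for entry in json.loads(listing_json):
        level = (entry.get("properties") or {}).get("publicAccess")
        if level is None or str(level).lower() in ("off", "none", ""):
            continue  # private: no anonymous access
        findings.append((entry["name"], str(level).lower()))
    # Container-level exposure first, then blob-level, then by name.
    return sorted(findings, key=lambda f: (f[1] != "container", f[0]))


def remediation_commands(account, findings):
    """Build one `set-permission` command per finding (steps 3-6 of the portal flow)."""
    template = ("az storage container set-permission "
                "--account-name {} --name {} --public-access off")
    return [template.format(shlex.quote(account), shlex.quote(name))
            for name, _level in findings]


if __name__ == "__main__":
    found = find_public_containers(SAMPLE_LISTING)
    for name, level in found:
        print(f"{name}: {level} ({EXPOSURE.get(level, 'unknown level')})")
    for cmd in remediation_commands("examplestorageacct", found):  # placeholder account
        print(cmd)
```

Re-run the listing after applying the commands; an empty findings list confirms that every container is back to private.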
