Azure Storage Accounts – Open to the Internet?

Let’s get straight to the point. From official documentation it states that “To secure your storage account, you should first configure a rule to deny access to traffic from all networks (including internet traffic) by default. Then, you should configure rules that grant access to traffic from specific vnets. This configuration enables you to build a secure network boundary for your applications”.

Navigate to your storage account, what is the default setting? It is shown below.

vnetaccount

Even if you have a multi-layer approach to security you should still be granular and use selected networks and map in the relevant vnets only as shown below.

accountmain

You may have also noticed that you can define access to the account by IP addresses and only those addresses will have access. I am actually not sure why the “all access” setting would be the default.

 

 

 

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out /  Change )

Google photo

You are commenting using your Google account. Log Out /  Change )

Twitter picture

You are commenting using your Twitter account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )

Connecting to %s