Description:

This setting ensures that no Azure Storage Account allows anonymous public access to its blob containers. When anonymous access is permitted at the account level, any container whose public access level is set to Blob or Container lets anyone on the internet read blob data (and, for Container, enumerate the blobs) without authenticating. Setting Allow Blob anonymous access to Disabled on the storage account overrides every container-level setting and forces all requests to be authorised via Azure AD (Microsoft Entra ID), a shared access signature (SAS), or the storage account keys, preventing unintended exposure of data.


Rationale:

  • Data protection: Prevents sensitive or confidential data from being exposed publicly.

  • Regulatory compliance: Supports adherence to standards such as CIS Azure Foundations, ISO 27001, NIST, GDPR, and other relevant security frameworks.

  • Security best practice: Reduces the risk of unauthorized access, accidental leaks, and exfiltration of data by limiting access to authenticated users only.


Impact:

Strengthens the organisation's security posture by eliminating anonymous public exposure of blob data.

Helps meet audit and compliance requirements.

Any workload that relies on anonymous blob reads (for example a static website, public downloads, or a CDN origin pointed at a public container) will start receiving 403/404 responses once the setting is Disabled. Identify such dependencies before rollout and move them to SAS tokens, a managed identity, or a documented exception handled through the Backout Plan.


Default Value:

By default, the Public access level of a newly created blob container is Private (no anonymous access). For storage accounts created through the Azure portal, Allow Blob anonymous access (the AllowBlobPublicAccess property) defaults to Disabled. Older storage accounts may have the property unset (null); in that state anonymous access is allowed at the account level, so any container set to Blob or Container is readable without authentication. Only an explicit value of Disabled (false) is compliant.


Test Plan:

  1. Sign in to the Azure portal at https://portal.azure.com.

  2. Search for Storage Accounts and open each storage account in turn.

  3. In the left-hand menu, under Settings, click Configuration.

  4. Verify that Allow Blob anonymous access is set to Disabled.

  5. Open Containers and verify that every container shows a Public access level of Private (no anonymous access). A container set to Blob or Container is not reachable anonymously while the account setting is Disabled, but it becomes public again the moment the account setting is re-enabled, so record it as a finding.

  6. If Allow Blob anonymous access is Enabled, or any container is not Private, follow the Implementation steps.


Implementation:

  1. Sign in to the Azure portal at https://portal.azure.com.

  2. Search for Storage Accounts.

  3. For each storage account, in the left-hand menu under Settings, click Configuration.

  4. Set Allow Blob anonymous access to Disabled.

  5. Click Save.

  6. Open Containers. For any container whose Public access level is Blob or Container, select it, click Change access level, and set it to Private (no anonymous access), so the containers stay private even if the account setting is ever reverted.
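
The following Az PowerShell script is an added example, not part of this control's original text, that automates the Test Plan (audit) and the Implementation (remediation) above across every storage account in the current subscription. It assumes an existing Connect-AzAccount session, the Az.Accounts and Az.Storage modules, rights to read (and, with -Remediate, to modify) the storage accounts, and that the report file name is a placeholder to adjust. It treats an unset (null) AllowBlobPublicAccess as non-compliant, which matches the Default Value note above.

```powershell
# Added example: audit and remediate anonymous blob access with the Az PowerShell
# module. Not part of the original control; the report path is a placeholder.
# Usage:
#   .\Audit-BlobAnonymousAccess.ps1                       # audit only
#   .\Audit-BlobAnonymousAccess.ps1 -Remediate -WhatIf    # dry run of changes
#   .\Audit-BlobAnonymousAccess.ps1 -Remediate            # apply changes
[CmdletBinding(SupportsShouldProcess = $true)]
param(
    [switch]$Remediate,                                       # report only unless set
    [string]$ReportPath = ".\blob-anonymous-access-report.csv" # assumed output location
)

$findings = foreach ($acct in Get-AzStorageAccount) {
    # AllowBlobPublicAccess is a nullable bool. $null means the property was never
    # set on an older account, and anonymous access is then allowed, so only an
    # explicit $false counts as compliant (mirrors Test Plan step 4).
    $accountCompliant = ($acct.AllowBlobPublicAccess -eq $false)
    $accountValue = if ($null -eq $acct.AllowBlobPublicAccess) { 'null (allowed)' } else { $acct.AllowBlobPublicAccess }

    # Container-level public access level (Off / Blob / Container). Recorded even
    # when the account setting is Disabled, because a Blob or Container ACL becomes
    # anonymous again as soon as the account setting is re-enabled (Test Plan step 5).
    $publicContainers = @()
    try {
        $publicContainers = @(Get-AzStorageContainer -Context $acct.Context -ErrorAction Stop |
            Where-Object { $_.PublicAccess -and $_.PublicAccess -ne 'Off' })
    } catch {
        # Typical cause: shared-key access disabled on the account, so the context
        # built from account keys cannot list containers. Report and continue.
        Write-Warning "$($acct.StorageAccountName): could not list containers ($($_.Exception.Message))"
    }

    if (-not $accountCompliant -and $Remediate) {
        # Implementation step 4 and 5: disable anonymous access at the account level.
        if ($PSCmdlet.ShouldProcess($acct.StorageAccountName, "Set AllowBlobPublicAccess = false")) {
            Set-AzStorageAccount -ResourceGroupName $acct.ResourceGroupName `
                                 -Name $acct.StorageAccountName `
                                 -AllowBlobPublicAccess $false | Out-Null
        }
    }

    foreach ($c in $publicContainers) {
        # Implementation step 6: set each public container back to Private.
        if ($Remediate -and $PSCmdlet.ShouldProcess("$($acct.StorageAccountName)/$($c.Name)", "Set container public access to Off")) {
            Set-AzStorageContainerAcl -Name $c.Name -Permission Off -Context $acct.Context
        }
    }

    [pscustomobject]@{
        StorageAccount        = $acct.StorageAccountName
        ResourceGroup         = $acct.ResourceGroupName
        AllowBlobPublicAccess = $accountValue
        Compliant             = $accountCompliant
        PublicContainers      = ($publicContainers.Name -join ';')
    }
}

$findings | Sort-Object Compliant | Format-Table -AutoSize
$findings | Export-Csv -Path $ReportPath -NoTypeInformation
```

Run it without -Remediate first and review the CSV: the Compliant column is the audit result for the account setting, and a non-empty PublicContainers column lists containers that still need the ACL reset. The -WhatIf pass prints every change the script would make before anything is modified. The script deliberately does not automate the Backout Plan; re-enabling anonymous access should be a per-account, approved exception performed by hand.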


Backout Plan:

  1. Sign in to the Azure portal at https://portal.azure.com.

  2. Search for Storage Accounts.

  3. Open only the storage account(s) for which anonymous access has been approved as an exception. In the left-hand menu under Settings, click Configuration.

  4. Set Allow Blob anonymous access to Enabled.

  5. Click Save.

  6. Open Containers, select the specific container that must be public, click Change access level, and set it to Blob (anonymous read access to blobs only) or Container (anonymous read access to blobs and container metadata, including blob listing). Leave every other container set to Private.

  7. Record the exception, because this re-introduces the public exposure the control is meant to remove and will show up again in the Test Plan.


Reference: