Profile Applicability:
- Level 1
Description:
Key rotation reminders notify administrators when storage account access keys are nearing expiration or require rotation. Enabling these reminders helps maintain key security hygiene by prompting timely key rotations, reducing risks of key compromise or unauthorized access.
Rationale:
Regular rotation of storage account keys is a critical security practice to prevent prolonged exposure from compromised or leaked keys. Automated reminders assist administrators in adhering to key rotation policies, strengthening overall account security.
Impact:
Pros:
Promotes timely key rotation and reduces the risk of key misuse.
Enhances security posture and compliance with best practices.
Provides operational visibility into key management status.
Cons:
May require process adjustments to handle rotation alerts.
Potential alert fatigue if not managed properly.
Default Value:
Key rotation reminders are typically disabled by default and must be enabled explicitly.
Pre-requisites:
Azure subscription with Storage Accounts.
Permissions to configure diagnostic settings and alerts.
Remediation:
Test Plan:
Using Azure Portal:
Sign in to https://portal.azure.com.
Navigate to Storage Accounts and select the target account.
Go to Diagnostic settings or Alerts.
Verify that key rotation reminder alerts or notifications are enabled.
Using Azure CLI:
Review alert rules related to key rotation for the storage account:
az monitor metrics alert list --resource-group <resource-group> --query "[?contains(name, 'KeyRotation')]"
Confirm that alerts for key rotation reminders are configured and active.
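The CLI check above filters alert rules by name. As an added example that is not part of the benchmark, the Python script below applies the same check offline to the JSON that `az storage account list -o json` and `az monitor metrics alert list -o json` emit, reporting every storage account that has no enabled alert whose name contains "KeyRotation" and whose scopes include that account. The sample JSON is constructed; the subscription id, resource group and account names are placeholders.

```python
import json

# Constructed sample of `az storage account list -o json`, trimmed to the two
# fields the check needs; subscription id and resource group are placeholders.
PREFIX = ("/subscriptions/00000000-0000-0000-0000-000000000000"
          "/resourceGroups/rg-prod/providers/Microsoft.Storage/storageAccounts/")
STORAGE_ACCOUNTS_JSON = json.dumps([
    {"name": "stprodlogs", "id": PREFIX + "stprodlogs"},
    {"name": "stprodbackups", "id": PREFIX + "stprodbackups"},
    {"name": "stdevscratch", "id": PREFIX + "stdevscratch"},
])

# Constructed sample of `az monitor metrics alert list -o json`, using the field
# names the CLI emits (name, enabled, scopes). Only the first rule satisfies the
# check: its scope differs from the account id only in casing, which Azure
# ignores; the second rule is disabled; the third is an unrelated alert.
ALERT_RULES_JSON = json.dumps([
    {"name": "KeyRotation-stprodlogs", "enabled": True,
     "scopes": [PREFIX.replace("resourceGroups", "resourcegroups") + "stprodlogs"]},
    {"name": "KeyRotation-stprodbackups", "enabled": False,
     "scopes": [PREFIX + "stprodbackups"]},
    {"name": "HighLatency-stdevscratch", "enabled": True,
     "scopes": [PREFIX + "stdevscratch"]},
])


def has_key_rotation_alert(account_id: str, rules: list) -> bool:
    """True if an *enabled* rule whose name matches the benchmark's filter
    (contains 'KeyRotation') lists this storage account among its scopes.
    Resource IDs are compared case-insensitively, as Azure treats them."""
    wanted = account_id.lower()
    for rule in rules:
        if not rule.get("enabled", False):
            continue  # a disabled reminder is as good as none
        if "KeyRotation" not in rule.get("name", ""):
            continue
        if any(scope.lower() == wanted for scope in rule.get("scopes", [])):
            return True
    return False


def accounts_missing_alert(accounts_json: str, rules_json: str) -> list:
    """Names of storage accounts with no enabled key rotation alert, sorted."""
    accounts = json.loads(accounts_json)
    rules = json.loads(rules_json)
    return sorted(a["name"] for a in accounts
                  if not has_key_rotation_alert(a["id"], rules))


if __name__ == "__main__":
    for name in accounts_missing_alert(STORAGE_ACCOUNTS_JSON, ALERT_RULES_JSON):
        print(f"FAIL: no enabled key rotation alert for {name}")
```

Run against the sample, it reports stprodbackups (rule disabled) and stdevscratch (no matching rule); feed it the real CLI output to audit a resource group.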
Implementation Plan:
Using Azure Portal:
Create or enable alert rules or diagnostic settings to send key rotation reminders via email or other channels.
Configure thresholds and notification recipients according to organizational policy.
Save and test alert functionality.
Using Azure CLI:
Create an alert rule for key rotation reminders:
az monitor metrics alert create --name <alert-name> --resource-group <resource-group> --scopes /subscriptions/<subscription-id>/resourceGroups/<resource-group>/providers/Microsoft.Storage/storageAccounts/<storage-account> --condition "total storageAccountKeyExpiryEvent > 0" --action <action-group-id> --description "Key rotation reminder alert"
Verify alert creation.
Backout Plan:
Using Azure Portal:
Disable or delete alert rules if needed.
Monitor for any missed rotation reminders.
Using Azure CLI:
Delete alert rules:
az monitor metrics alert delete --name <alert-name> --resource-group <resource-group>