Profile Applicability:

  • Level 1

Description:
 The 'Allow Blob Anonymous Access' setting controls whether blobs in an Azure Storage Account can be accessed publicly without authentication. Disabling anonymous access ensures that blobs are only accessible to authorized users, protecting sensitive data from public exposure.

Rationale:
 Allowing anonymous access to blobs can lead to unintentional data leaks or unauthorized data consumption. Disabling this setting enforces access control policies and enhances data security by requiring authentication for all blob access.

Impact:

Pros:

  • Prevents unauthorized public access to blob data.

  • Enhances compliance with data privacy and security regulations.

  • Supports secure application architectures.

Cons:

  • May disrupt applications or services relying on public blob access.

  • Requires review and possible modification of access patterns.

Default Value:
 Anonymous access is disabled by default on most Azure Storage Accounts but should be verified.

Pre-requisites:

  • Permissions to modify storage account access settings.

  • Understanding of application requirements regarding blob accessibility.

Remediation:

Test Plan:

Using Azure Portal:

  1. Sign in to https://portal.azure.com.

  2. Navigate to the Storage Account.

  3. Under Configuration or Settings, check the Allow Blob Anonymous Access option.

  4. Verify it is set to Disabled.

Using Azure CLI:

  1. Check anonymous access setting:

    # az storage account show --name <storage-account-name> --resource-group <resource-group> --query allowBlobPublicAccess

  2. Confirm the output is false.
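The CLI check above covers one account at a time. As an added example (not part of the benchmark text), the following Python script applies the same pass criterion, an explicit `false`, to the JSON that `az storage account list -o json` returns, so every account in the subscription can be audited in one run; the field names are the real ARM properties, while the account names and resource groups in the sample data are constructed.

```python
"""Audit all storage accounts for 'Allow Blob Anonymous Access'.

Flags every account whose allowBlobPublicAccess is not explicitly false,
matching the test plan's criterion ("confirm the output is false"), and
prints the remediation command from the implementation plan for each one.
"""
import json
import subprocess
import sys

# Constructed sample in the shape `az storage account list -o json` returns.
SAMPLE_ACCOUNTS_JSON = json.dumps([
    {"name": "stpayroll01", "resourceGroup": "rg-finance",
     "allowBlobPublicAccess": False},
    {"name": "stwebassets", "resourceGroup": "rg-web",
     "allowBlobPublicAccess": True},
    {"name": "stlegacy", "resourceGroup": "rg-legacy"},  # property unset (null)
])


def audit_blob_public_access(accounts_json: str) -> list:
    """Return the accounts that fail the check, with the observed value.

    Only an explicit false passes; true and an unset/null value are both
    reported so an account never passes merely because the field is absent.
    """
    findings = []
    for acct in json.loads(accounts_json):
        value = acct.get("allowBlobPublicAccess")
        if value is not False:
            rg = acct.get("resourceGroup")
            findings.append({
                "name": acct["name"],
                "resourceGroup": rg,
                "allowBlobPublicAccess": value,
                "remediation": (f"az storage account update --name {acct['name']} "
                                f"--resource-group {rg} --allow-blob-public-access false"),
            })
    return findings


if __name__ == "__main__":
    # Live run against the current subscription; falls back to the constructed
    # sample when the Azure CLI is not available so the script runs offline.
    try:
        out = subprocess.run(["az", "storage", "account", "list", "-o", "json"],
                             check=True, capture_output=True, text=True).stdout
    except (OSError, subprocess.CalledProcessError):
        out = SAMPLE_ACCOUNTS_JSON
    failures = audit_blob_public_access(out)
    for f in failures:
        print(f"FAIL {f['resourceGroup']}/{f['name']}: "
              f"allowBlobPublicAccess={f['allowBlobPublicAccess']}\n  {f['remediation']}")
    sys.exit(1 if failures else 0)
```

The non-zero exit status lets the script serve as a scheduled compliance check.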

Implementation Plan:

Using Azure Portal:

  1. In the storage account Configuration settings, disable Allow Blob Anonymous Access.

  2. Save changes and validate access controls.

Using Azure CLI:

  1. Disable anonymous blob access:

    # az storage account update --name <storage-account-name> --resource-group <resource-group> --allow-blob-public-access false

  2. Confirm the update.

Backout Plan:

Using Azure Portal:

  1. Enable Allow Blob Anonymous Access if required.

  2. Inform stakeholders and monitor for any issues.

Using Azure CLI:

  1. Enable anonymous blob access:

    # az storage account update --name <storage-account-name> --resource-group <resource-group> --allow-blob-public-access true

References: