3. Storage Accounts

3.1 Ensure that 'Secure transfer required' is set to 'Enabled'
Description: The data in the storage account has various levels of security to protect it from anonymous access: CORS, Management plane &...
Mon, 21 Aug, 2023 at 8:31 AM
3.2 Ensure that storage account access keys are periodically regenerated
Description: Regenerate storage account access keys periodically. Rationale: When a storage account is created, Azure generates two 512-bit storage ac...
Wed, 22 Sep, 2021 at 2:03 AM
Ensure Storage Logging is Enabled for Queue Service for 'Read', 'Write', and 'Delete' requests (Automated)
Description: The Storage Queue service stores messages that may be read by any client who has access to the storage account. A queue can contain an unlimit...
Thu, 7 Sep, 2023 at 10:44 AM
3.4 Ensure that shared access signature tokens expire within an hour
Description: The SAS token is the query string that includes all of the information required to authenticate the Shared Access Signature, as well as to spe...
Mon, 25 Jul, 2022 at 3:42 AM
Ensure that 'Public access level' is disabled for storage accounts with blob containers (Automated)
Description: Disable anonymous access to blob containers and disallow blob public access on the storage account. Rationale: Anonymous, public read acc...
Thu, 7 Sep, 2023 at 10:46 AM
3.6 Ensure default network access rule for Storage Accounts is set to deny
Description: Restricting default network access helps to provide a new layer of security since storage accounts accept connections from clients on any netw...
Wed, 22 Sep, 2021 at 7:57 AM
Ensure 'Allow Azure services on the trusted services list to access this storage account' is Enabled for Storage Account Access
Description: Some Microsoft services that interact with storage accounts operate from networks that can't be granted access through network rules. To h...
Thu, 7 Sep, 2023 at 10:47 AM
3.8 Ensure soft delete is enabled for Azure Storage
Description: Azure Storage blobs contain data such as ePHI, financial, secret or personal data. Erroneously modified or deleted accidentally by an application ...
Wed, 22 Sep, 2021 at 9:20 AM
3.9 Ensure storage for critical data are encrypted with Customer Managed Key
Description: Enable sensitive data encryption at rest using Customer Managed Keys rather than Microsoft Managed keys. Rationale: By default, data in t...
Wed, 22 Sep, 2021 at 9:30 AM