| Plugin Title | Trusted MS Access Enabled |
| --- | --- |
| Cloud | AZURE |
| Category | Storage Accounts |
| Description | Ensures that Trusted Microsoft Services Access is enabled on Storage Accounts |
| More Info | Enabling firewall rules on Storage Accounts blocks all access by default. To ensure that Microsoft and Azure services that connect to the Storage Account still retain access, trusted Microsoft services should be allowed to access the storage account. |
| Link | https://docs.microsoft.com/en-us/azure/storage/common/storage-network-security |
| Recommended Action | For each Storage Account, configure an exception for trusted Microsoft services. |


Detailed Remediation Steps

  1. Log into the Microsoft Azure Management Console.
  2. Select the "Search resources, services, and docs" option at the top and search for "Storage account".
  3. Select the storage account by clicking its "Name" link to open its configuration.
  4. In the selected storage account's navigation panel, scroll down to "Settings" and click "Firewalls and virtual networks."
  5. On the "Firewalls and virtual networks" tab, scroll down to "Exceptions" and check whether trusted Microsoft services access is enabled for the storage account.
  6. Repeat steps 2 - 5 to check the other storage accounts in the account.
  7. Navigate to "Storage accounts", click the "Name" of the storage account that needs the change, select "Firewalls and virtual networks" under "Settings", and disable "Allow access for all networks."
  8. On the "Firewalls and virtual networks" tab, under "Exceptions", select "Allow trusted Microsoft services to access this storage account" and click the "Save" button at the top to apply the change.
  9. Repeat steps 7 - 8 to ensure that each Storage Account has an exception for trusted Microsoft services.
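
The same check and fix can be scripted across many accounts. The following is an added example, not part of the original page or of the scanning plugin's own code: it assumes account data in the shape returned by `az storage account list -o json`, and the three sample accounts are constructed. It builds the Azure CLI update command for each failing account, keeping any exceptions (such as Logging or Metrics) that are already configured.

```python
import json
import shlex

# Constructed sample shaped like `az storage account list -o json` output
# (only the fields this check reads); account and group names are made up.
SAMPLE = json.loads("""[
 {"name": "stlogs01", "resourceGroup": "rg-ops",
  "networkRuleSet": {"defaultAction": "Deny", "bypass": "Logging, Metrics"}},
 {"name": "stapp02", "resourceGroup": "rg-app",
  "networkRuleSet": {"defaultAction": "Deny", "bypass": "AzureServices"}},
 {"name": "stopen03", "resourceGroup": "rg-app",
  "networkRuleSet": {"defaultAction": "Allow", "bypass": "None"}}
]""")


def bypass_values(account):
    """Split the comma-separated bypass string; 'None' means no exceptions."""
    raw = (account.get("networkRuleSet") or {}).get("bypass") or ""
    return [v.strip() for v in raw.split(",") if v.strip() not in ("", "None")]


def audit(accounts):
    """Return (name, status, firewall_on, fix_command) for each account."""
    findings = []
    for acct in accounts:
        rules = acct.get("networkRuleSet") or {}
        current = bypass_values(acct)
        # Firewall is only restricting traffic when the default action is Deny.
        firewall_on = rules.get("defaultAction") == "Deny"
        if "AzureServices" in current:
            findings.append((acct["name"], "PASS", firewall_on, None))
            continue
        # --bypass sets the full list, so carry over exceptions already set.
        cmd = ["az", "storage", "account", "update",
               "--name", acct["name"],
               "--resource-group", acct["resourceGroup"],
               "--bypass", *current, "AzureServices"]
        if not firewall_on:
            # Step 7: stop allowing access from all networks.
            cmd += ["--default-action", "Deny"]
        findings.append((acct["name"], "FAIL", firewall_on, shlex.join(cmd)))
    return findings


if __name__ == "__main__":
    for name, status, firewall_on, fix in audit(SAMPLE):
        print(f"{status} {name} firewall={'on' if firewall_on else 'off'}")
        if fix:
            print("  " + fix)
```

Review each generated command before running it: switching the default action to Deny cuts off any client that is not covered by an IP rule, virtual network rule or exception.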
