Remediation
From Azure Portalβ
Key Vaults can be configured to use Azure role-based access control on creation.
For existing Key Vaults:
- From Azure Home open the Portal Menu in the top left corner
- Select
Key Vaults - Select a Key Vault to audit
- Select
Networking - NEXT
From Azure CLIβ
To disable Public network access for each Key Vault, run the following Azure CLI command:
az keyvault update --resource-group <resource_group> --name <vault_name> --public-network-access Disabled
From PowerShellβ
To enable RBAC authorization on each Key Vault, run the following PowerShell command:
Update-AzKeyVault -ResourceGroupName <resource_group> -VaultName <vault_name> -PublicNetworkAccess "Disabled"