🛡️ Azure Storage Account Default To OAuth Authentication is not set to Yes🟢
- Contextual name: 🛡️ Default To OAuth Authentication is not set to Yes🟢
- ID: /ce/ca/azure/storage/default-to-microsoft-entra-autorization
- Tags:
- Policy Type: BEST_PRACTICE
- Policy Categories: SECURITY
Logic
Description
When this property is enabled, the Azure portal authorizes requests to blobs, files, queues, and tables with Microsoft Entra ID by default.
Rationale
Microsoft Entra ID provides superior security and ease of use over Shared Key.
Audit
This policy flags an Azure Storage Account as INCOMPLIANT if its Default To OAuth Authentication is not set to Yes.
Default Value
By default, defaultToOAuthAuthentication is disabled.
References
Remediation
From Azure Portal
1. Go to Storage accounts.
2. Click the name of a storage account.
3. Under Settings, click Configuration.
4. Under Default to Microsoft Entra authorization in the Azure portal, click the radio button next to Enabled.
5. Click Save.
6. Repeat steps 1-5 for each storage account requiring remediation.
From Azure CLI
For each storage account requiring remediation, run the following command to enable defaultToOAuthAuthentication:
az storage account update --resource-group <resource-group> --name <storage-account> --set defaultToOAuthAuthentication=true
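The audit rule and the CLI remediation above can be combined into one pass over an inventory export. The following is an added example, not part of the original policy or Cloudaware's own logic: it assumes the input is JSON shaped like the output of `az storage account list -o json`, with `defaultToOAuthAuthentication` as a top-level field that may be `true`, `false`, `null` or absent, and all account and resource group names are constructed.

```python
import json
import shlex

# Constructed sample, shaped like `az storage account list -o json` (assumption).
SAMPLE_ACCOUNTS_JSON = """
[
  {"name": "stlogsprod", "resourceGroup": "rg-logging", "defaultToOAuthAuthentication": true},
  {"name": "stappdata",  "resourceGroup": "rg-app",     "defaultToOAuthAuthentication": false},
  {"name": "stlegacy",   "resourceGroup": "rg-legacy",  "defaultToOAuthAuthentication": null},
  {"name": "stnofield",  "resourceGroup": "rg-legacy"}
]
"""


def find_incompliant(accounts):
    """Return sorted (resource_group, name) pairs where the property is not exactly true."""
    flagged = []
    for acct in accounts:
        # The default is disabled, so null or a missing key is flagged the same as false.
        if acct.get("defaultToOAuthAuthentication") is not True:
            flagged.append((acct["resourceGroup"], acct["name"]))
    return sorted(flagged)


def remediation_commands(flagged):
    """Build the page's `az storage account update` command for each flagged account."""
    return [
        "az storage account update --resource-group {} --name {} "
        "--set defaultToOAuthAuthentication=true".format(
            shlex.quote(rg), shlex.quote(name)
        )
        for rg, name in flagged
    ]


def audit(raw_json):
    """Parse an inventory export and return (flagged accounts, remediation commands)."""
    flagged = find_incompliant(json.loads(raw_json))
    return flagged, remediation_commands(flagged)


if __name__ == "__main__":
    flagged, commands = audit(SAMPLE_ACCOUNTS_JSON)
    for rg, name in flagged:
        print("INCOMPLIANT: {}/{}".format(rg, name))
    for cmd in commands:
        print(cmd)
```

The script only prints the commands, so they can be reviewed before anyone runs them.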
policy.yaml
Linked Framework Sections
Section | Sub Sections | Internal Rules | Policies | Flags | Compliance |
---|---|---|---|---|---|
💼 CIS Azure v4.0.0 → 💼 10.3.3.1 Ensure that 'Default to Microsoft Entra authorization in the Azure portal' is set to 'Enabled' (Automated) | 1 | no data | |||
💼 Cloudaware Framework → 💼 Secure Access | 55 | no data |