Azure Storage Account Default To OAuth Authentication is not set to Yes
- Contextual name: Default To OAuth Authentication is not set to Yes
- ID: `/ce/ca/azure/storage/default-to-microsoft-entra-autorization`
- Located in: Azure Storage
Flags
- Policy with categories
- Policy with type
- Production policy
Our Metadata
- Policy Type: `BEST_PRACTICE`
- Policy Category: `SECURITY`
Logic
- prod.logic.yaml
Description
When this property is enabled, the Azure portal authorizes requests to blobs, files, queues, and tables with Microsoft Entra ID by default.
Rationale
Microsoft Entra ID provides superior security and ease of use over Shared Key.
Audit
This policy flags an Azure Storage Account as `INCOMPLIANT` if its `Default To OAuth Authentication` is not set to `Yes`.
Default Value
By default, `defaultToOAuthAuthentication` is disabled.
References
Remediation
From Azure Portal
1. Go to `Storage accounts`.
2. Click the name of a storage account.
3. Under `Settings`, click `Configuration`.
4. Under `Default to Microsoft Entra authorization in the Azure portal`, click the radio button next to `Enabled`.
5. Click `Save`.
6. Repeat steps 1-5 for each storage account requiring remediation.
From Azure CLI
For each storage account requiring remediation, run the following command to enable `defaultToOAuthAuthentication`:

```bash
az storage account update --resource-group <resource-group> --name <storage-account> --set defaultToOAuthAuthentication=true
```
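The audit condition and the CLI remediation above can be applied across a whole subscription from one inventory export. The following is an added example, not Cloudaware's policy logic or code from this page; it assumes JSON shaped like the output of `az storage account list -o json` with top-level `name`, `resourceGroup` and `defaultToOAuthAuthentication` fields, and the sample accounts are constructed.

```python
import json
import shlex

# Constructed sample shaped like `az storage account list -o json` output,
# trimmed to the fields used here (account and group names are placeholders).
SAMPLE = """[
  {"name": "stlogsprod", "resourceGroup": "rg-logs", "defaultToOAuthAuthentication": true},
  {"name": "stappdata", "resourceGroup": "rg-app", "defaultToOAuthAuthentication": false},
  {"name": "stlegacy", "resourceGroup": "rg-old", "defaultToOAuthAuthentication": null},
  {"name": "stbackup", "resourceGroup": "rg-ops"}
]"""


def incompliant_accounts(accounts):
    """Return accounts whose defaultToOAuthAuthentication is not exactly true.

    A null or missing property is treated as disabled, which matches the
    default value stated in the policy.
    """
    return [a for a in accounts
            if a.get("defaultToOAuthAuthentication") is not True]


def remediation_commands(accounts):
    """Build the page's `az storage account update` command per finding."""
    return [
        "az storage account update"
        f" --resource-group {shlex.quote(a['resourceGroup'])}"
        f" --name {shlex.quote(a['name'])}"
        " --set defaultToOAuthAuthentication=true"
        for a in incompliant_accounts(accounts)
    ]


if __name__ == "__main__":
    # Print one remediation command per flagged account for review.
    for cmd in remediation_commands(json.loads(SAMPLE)):
        print(cmd)
```

Review the printed commands before running them, since users who only hold Shared Key access in the portal will need data-plane role assignments once the default changes.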
policy.yaml
Linked Framework Sections
Section | Sub Sections | Internal Rules | Policies | Flags |
---|---|---|---|---|
CIS Azure v4.0.0 → 10.3.3.1 Ensure that 'Default to Microsoft Entra authorization in the Azure portal' is set to 'Enabled' (Automated) | 1 | |||
Cloudaware Framework → Secure Access | 53 |