💼 4.8 Ensure 'Allow Azure services on the trusted services list to access this storage account' is Enabled for Storage Account Access (Automated)
- ID:
/frameworks/cis-azure-v3.0.0/04/08
Description
NOTE: This recommendation assumes that the Public network access parameter is set to Enabled from selected virtual networks and IP addresses. Please ensure the prerequisite recommendation
has been implemented before proceeding:
- Ensure Default Network Access Rule for Storage Accounts is Set to Deny
Some Azure services that interact with storage accounts operate from networks that can't be
granted access through network rules. To help this type of service work as intended, allow the
set of trusted Azure services to bypass the network rules. These services will then use strong
authentication to access the storage account. If the Allow Azure services on the trusted services list to access this storage account exception is enabled, the following services are granted access
to the storage account: Azure Backup, Azure Data Box, Azure DevTest Labs, Azure Event Grid, Azure
Event Hubs, Azure File Sync, Azure HDInsight, Azure Import/Export, Azure Monitor, Azure Networking
Services, and Azure Site Recovery (when registered in the subscription).
Similar
- Sections
/frameworks/cis-azure-v2.1.0/03/09/frameworks/cis-azure-v4.0.0/10/03/05
Similar Sections (Take Policies From)
Similar Sections (Give Policies To)
Sub Sections
| Section | Sub Sections | Internal Rules | Policies | Flags | Compliance |
|---|
Policies (1)