πΌ 4.8 Ensure 'Allow Azure services on the trusted services list to access this storage account' is Enabled for Storage Account Access (Automated)
- Contextual name: πΌ 4.8 Ensure 'Allow Azure services on the trusted services list to access this storage account' is Enabled for Storage Account Access (Automated)
- ID:
/frameworks/cis-azure-v3.0.0/04/08 - Located in: πΌ 4 Storage Accounts
Descriptionβ
NOTE: This recommendation assumes that the Public network access parameter is set to Enabled from selected virtual networks and IP addresses. Please ensure the prerequisite recommendation
has been implemented before proceeding:
- Ensure Default Network Access Rule for Storage Accounts is Set to Deny
Some Azure services that interact with storage accounts operate from networks that can't be
granted access through network rules. To help this type of service work as intended, allow the
set of trusted Azure services to bypass the network rules. These services will then use strong
authentication to access the storage account. If the Allow Azure services on the trusted services list to access this storage account exception is enabled, the following services are granted access
to the storage account: Azure Backup, Azure Data Box, Azure DevTest Labs, Azure Event Grid, Azure
Event Hubs, Azure File Sync, Azure HDInsight, Azure Import/Export, Azure Monitor, Azure Networking
Services, and Azure Site Recovery (when registered in the subscription).
Similarβ
Sub Sectionsβ
| Section | Sub Sections | Internal Rules | Policies | Flags |
|---|
Policies (1)β
| Policy | Logic Count | Flags |
|---|---|---|
| π Azure Storage Account Trusted Azure Services are not enabled as networking exceptions π’ | 1 | π’ x6 |