💼 9.3.5 Ensure 'Allow Azure services on the trusted services list to access this storage account' is Enabled for Storage Account Access (Automated)

• ID: /frameworks/cis-azure-v5.0.0/09/03/05

Description

NOTE: This recommendation assumes that the 'Public network access' parameter is set to 'Enabled from selected virtual networks and IP addresses'. Please ensure the prerequisite recommendation has been implemented before proceeding: • Ensure Default Network Access Rule for Storage Accounts is Set to Deny If the 'Allow Azure services on the trusted services list to access this storage account' exception is enabled, the following services are granted access to the storage account: • Azure Backup, • Azure Data Box, • Azure DevTest Labs, • Azure Event Grid, • Azure Event Hubs, • Azure File Sync, • Azure HDInsight, • Azure Import/Export, • Azure Monitor, • Azure Networking Services, and • Azure Site Recovery (when registered in the subscription).

Similar

• Sections
  • /frameworks/cis-azure-v3.0.0/04/08
  • /frameworks/cis-azure-v4.0.0/10/03/05

Similar Sections (Take Policies From)

Section	Sub Sections	Internal Rules	Policies	Flags	Compliance
💼 CIS Azure v3.0.0 → 💼 4.8 Ensure 'Allow Azure services on the trusted services list to access this storage account' is Enabled for Storage Account Access (Automated)			1		no data
💼 CIS Azure v4.0.0 → 💼 10.3.5 Ensure 'Allow Azure services on the trusted services list to access this storage account' is Enabled for Storage Account Access (Automated)			1		no data

Sub Sections

Section	Sub Sections	Internal Rules	Policies	Flags	Compliance

Policies (1)

Policy	Logic Count	Flags	Compliance
🛡️ Azure Storage Account Trusted Azure Services are not enabled as networking exceptions🟢	1	🟢 x6	no data