💼 9.3.5 Ensure 'Allow Azure services on the trusted services list to access this storage account' is Enabled for Storage Account Access (Automated)
- ID:
/frameworks/cis-azure-v5.0.0/09/03/05
Stats
not available
Description
NOTE: This recommendation assumes that the 'Public network access' parameter is set to 'Enabled from selected virtual networks and IP addresses'. Please ensure the prerequisite recommendation has been implemented before proceeding:
- Ensure Default Network Access Rule for Storage Accounts is Set to Deny
If the 'Allow Azure services on the trusted services list to access this storage account' exception is enabled, the following services are granted access to the storage account:
- Azure Backup,
- Azure Data Box,
- Azure DevTest Labs,
- Azure Event Grid,
- Azure Event Hubs,
- Azure File Sync,
- Azure HDInsight,
- Azure Import/Export,
- Azure Monitor,
- Azure Networking Services, and
- Azure Site Recovery (when registered in the subscription).
Similar
- Sections
/frameworks/cis-azure-v3.0.0/04/08/frameworks/cis-azure-v4.0.0/10/03/05/frameworks/cis-azure-v6.0.0/09/03/05
Similar Sections (Take Policies From)
Similar Sections (Give Policies To)
| Section | Sub Sections | Internal Rules | Policies | Flags | Compliance |
|---|---|---|---|---|---|
| 💼 CIS Azure v6.0.0 → 💼 9.3.5 Ensure 'Allow trusted Microsoft services to access this resource' is Enabled for Storage Account Access (Automated) | 1 | no data |
Sub Sections
| Section | Sub Sections | Internal Rules | Policies | Flags | Compliance |
|---|
Policies (1)
| Policy | Logic Count | Flags | Compliance |
|---|---|---|---|
| 🛡️ Azure Storage Account Trusted Azure Services are not enabled as networking exceptions🟢 | 1 | 🟢 x6 | no data |