💼 8.3.7 Ensure Public Network Access is Disabled (Automated)
- ID: /frameworks/cis-azure-v6.0.0/08/03/07
Description
Disable public network access to prevent exposure to the internet and reduce the risk of
unauthorized access. Use private endpoints to securely manage access within trusted networks.
When a private endpoint is configured on a key vault, connections from Azure resources
within the same subnet will use its private IP address. However, network traffic from the
public internet can still connect to the key vault's public endpoint (mykeyvault.vault.azure.net)
using its public IP address unless public network access is disabled.
Disabling public network access removes the vault's public endpoint from Azure public DNS,
reducing its exposure to the public internet. With a private endpoint configured, network
traffic will use the vault's private endpoint IP address for all requests
(mykeyvault.vault.privatelink.azure.net).
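The check this control describes, as an added example that is not part of the benchmark text: it evaluates vault records shaped like `az keyvault show` JSON and separates the case the description warns about (private endpoint configured, public endpoint still open) from a compliant vault. The field names `publicNetworkAccess` and `privateEndpointConnections` are assumed to match that output, a missing value is assumed to mean public access is enabled, and the sample vaults are constructed.

```python
# Constructed sample shaped like `az keyvault show` output; vault names are made up.
APPROVED = [{"privateLinkServiceConnectionState": {"status": "Approved"}}]
PENDING = [{"privateLinkServiceConnectionState": {"status": "Pending"}}]
SAMPLE_VAULTS = [
    {"name": "kv-public-default", "properties": {}},
    {"name": "kv-pe-but-public", "properties": {
        "publicNetworkAccess": "Enabled", "privateEndpointConnections": APPROVED}},
    {"name": "kv-compliant", "properties": {
        "publicNetworkAccess": "Disabled", "privateEndpointConnections": APPROVED}},
    {"name": "kv-disabled-no-pe", "properties": {
        "publicNetworkAccess": "Disabled", "privateEndpointConnections": PENDING}},
]


def approved_private_endpoints(props):
    """Count private endpoint connections whose link state is Approved."""
    count = 0
    for conn in props.get("privateEndpointConnections") or []:
        state = conn.get("privateLinkServiceConnectionState") or {}
        if (state.get("status") or "").lower() == "approved":
            count += 1
    return count


def audit_vault(vault):
    """Return (status, reason) for one vault against control 8.3.7."""
    props = vault.get("properties") or {}
    # Assumption: a missing or null value means the default, public access enabled.
    access = (props.get("publicNetworkAccess") or "Enabled").lower()
    endpoints = approved_private_endpoints(props)
    if access != "disabled":
        if endpoints:
            return "FAIL", "private endpoint present, public endpoint still reachable"
        return "FAIL", "public network access enabled"
    if endpoints == 0:
        return "WARN", "public access disabled, no approved private endpoint"
    return "PASS", "public access disabled, private endpoint approved"


def audit(vaults):
    """Map each vault name to its (status, reason) result."""
    return {v["name"]: audit_vault(v) for v in vaults}


if __name__ == "__main__":
    for name, (status, reason) in audit(SAMPLE_VAULTS).items():
        print(f"{status:4} {name}: {reason}")
```

The WARN result is not a failure of this control; it marks a vault that has closed its public endpoint without an approved private path for clients to use.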
Similar
- Sections: /frameworks/cis-azure-v5.0.0/08/03/07
Policies (1)