June 5, 2018

Azure Policy – Auditing public blob storage

In a Governance project, one of the most common policy to implement is the one that you don’t allow any blob storage to be public. That usually could be a major information breach. When you make a blob storage in Azure public, you are giving at least reading privilege to the world.

In this case, the idea is to audit what blob storage are public. This policy is not denying the user to create public blob storage on the subscription, it’s only auditing which blob storage is public, so you can take an action if applicable.

Here is the example of the policy to be implemented:

{

  “policyRule”: {

    “if”: {

      “allOf”: [

        {

          “field”: “type”,

          “equals”: “Microsoft.Storage/storageAccounts”

        },

        {

          “field”: “Microsoft.Storage/storageAccounts/networkAcls.defaultAction”,

          “notequals”: “Deny”

        }

      ]

    },

    “then”: {

      “effect”: “audit”

    }

  },

  “parameters”: {}

}

 Cheers,

Marcos Nogueira
Azure MVP
azurecentric.com
Twitter: @mdnoga

Written by Marcos Nogueira

Marcos Nogueira

With more than 18 years experience in Datacenter Architectures, Marcos Nogueira is currently working as a Principal Cloud Solution Architect. He is an expert in Private and Hybrid Cloud, with a focus on Microsoft Azure, Virtualization and System Center. He has worked in several industries, including Aerospace, Transportation, Energy, Manufacturing, Financial Services, Government, Health Care, Telecoms, IT Services, and Gas & Oil in different countries and continents. Marcos was a Canadian MVP in System Center Cloud & Datacenter Managenment and he has +14 years as Microsoft Certified, with more than 100+ certifications (MCT, MCSE, and MCITP, among others). Marcos is also certified in VMware, CompTIA and ITIL v3. He assisted Microsoft in the development of workshops and special events on Private & Hybrid Cloud, Azure, System Center, Windows Server, Hyper-V and as a speaker at several Microsoft TechEd/Ignite and communities events around the world.

Share

Marcos Nogueira

With more than 18 years experience in Datacenter Architectures, Marcos Nogueira is currently working as a Principal Cloud Solution Architect. He is an expert in Private and Hybrid Cloud, with a focus on Microsoft Azure, Virtualization and System Center. He has worked in several industries, including Aerospace, Transportation, Energy, Manufacturing, Financial Services, Government, Health Care, Telecoms, IT Services, and Gas & Oil in different countries and continents. Marcos was a Canadian MVP in System Center Cloud & Datacenter Managenment and he has +14 years as Microsoft Certified, with more than 100+ certifications (MCT, MCSE, and MCITP, among others). Marcos is also certified in VMware, CompTIA and ITIL v3. He assisted Microsoft in the development of workshops and special events on Private & Hybrid Cloud, Azure, System Center, Windows Server, Hyper-V and as a speaker at several Microsoft TechEd/Ignite and communities events around the world.

You may also like...

Leave a Reply

Your email address will not be published. Required fields are marked *

This site uses Akismet to reduce spam. Learn how your comment data is processed.

%d bloggers like this: