One of the security recommendations established by Microsoft in Azure Security Center is to disable public access to storage accounts. In this post, I will show you how you can configure your storage account to prevent public access to an Azure storage account using PowerShell and the Azure CLI.

Microsoft recommends that you do not allow public access to a storage account unless anonymous access is strictly necessary.

Important: Disallowing public access for a storage account overrides the public access settings for all containers in your storage account.

Prerequisites

  • This tutorial assumes that you already have a Microsoft Azure account configured.
  • You can use an existing Storage Account, or you can create a new one. If you want to know how to create a Storage Account using PowerShell, check out this link.

Azure PowerShell Workaround

If you want to know how to install the PowerShell Azure module on your machine, check out this link.

The simplest way to get started is to sign in interactively at the command line.

This cmdlet will bring up a dialog box prompting you for your email address and password associated with your Azure account.
If you have more than one subscription associated with your mail account, you can choose the default subscription. To perform this task, we will use the following commands:

Once you set your default subscription, you are ready to start.

Set the variables

Here, we define the characteristics of our environment and the resource’s properties.

Get the current setting in your storage account

To get the current settings for your storage account, you should use the Get-AzStorageAccount cmdlet with the following syntax.

Disable public access on your Azure storage account

To change the value of the property AllowBlobPublicAccess, you should use the Set-AzStorageAccount cmdlet with the following syntax.

 Set-AzStorageAccount

Verify the changes made

Finally, to verify that the change has been made correctly, you should use the following command.

Azure CLI Workaround

In this case, we will use Azure Cloud Shell, a browser-based shell built into Azure Portal. This allows us to use the Azure command-line tools (Azure CLI and Azure PowerShell) directly from a browser. If you want to know more about Azure Cloud Shell, check out this link.

First, we define the characteristics of our environment and store the values in variables.

Get the current setting in your Azure storage account

To get the current settings for your storage account, you should use the following command.

Disable public access on your storage account

To change the value of the property AllowBlobPublicAccess, you should the following command.

public access azure storage

Verify the changes made

Finally, to verify that the change has been made correctly, you should use the following command.

Thanks for reading my post. I hope you find it useful.

If you want to know more about Security recommendations for Azure storage accounts, check out this link: https://docs.microsoft.com/en-us/azure/storage/blobs/security-recommendations