One security recommendation Microsoft established in Azure Security Center is to disable public access to storage accounts. In this post, I will show you how you can configure your storage account to prevent public access to an Azure storage account using PowerShell and the Azure CLI.

Microsoft recommends that you do not allow public access to a storage account unless anonymous access is strictly necessary.

Important: Disallowing public access for a storage account overrides the public access settings for all containers in your storage account.

Prerequisites

  • This tutorial assumes that you already have a Microsoft Azure account configured.
  • You can use an existing Storage Account or create a new one. Check out this link if you want to know how to create a Storage Account using PowerShell.

Azure PowerShell Workaround

Check out this link if you want to know how to install the PowerShell Azure module on your machine.

The simplest way to get started is to sign in interactively at the command line.

This cmdlet will bring up a dialog box prompting you for your email address and password associated with your Azure account.
You can choose the default subscription if you have more than one associated with your mail account. To perform this task, we will use the following commands:

Once you set your default subscription, you are ready to start.

Set the variables

Here, we define the characteristics of our environment and the resource’s properties.

Get the current setting in your storage account

To get the current settings for your storage account, you should use the Get-AzStorageAccount cmdlet with the following syntax.

Disable public access on your Azure storage account

To change the value of the property AllowBlobPublicAccess, you should use the Set-AzStorageAccount cmdlet with the following syntax.

 Set-AzStorageAccount

Verify the changes made

Finally, you should use the following command to verify that the change has been made correctly.

Azure CLI Workaround

In this case, we will use Azure Cloud Shell, a browser-based shell built into Azure Portal. This allows us to use the Azure command-line tools (Azure CLI and Azure PowerShell) directly from a browser. If you want to know more about Azure Cloud Shell, check out this link.

First, we define the characteristics of our environment and store the values in variables.

Get the current setting in your Azure storage account

To get the current settings for your storage account, you should use the following command.

Disable public access to your storage account

To change the value of the property AllowBlobPublicAccess, you should use the following command.

public access azure storage

Verify the changes made

Finally, you should use the following command to verify that the change has been made correctly.

Thanks for reading my post. I hope you find it helpful.

If you want to know more about Security recommendations for Azure storage accounts, check out this link.