AZ-012 Microsoft Azure

Storage accounts disallow public blob access.

Storage accounts disallow public blob access.

Domain
Microsoft Azure
Area
Storage
Automated / manual
Automated

Risk if it fails

Public containers leak data.

A storage account left open publishes its files to the internet. This is one of the most common ways private documents and backups get leaked.

How Tess tests it

1 test — each concludes only on cited evidence.

Storage accounts disallow public blob access.

Automated
Procedure
Confirm allowBlobPublicAccess=false on each account.

Read-only command 

az storage account list --query '[].{Name:name,PublicBlob:allowBlobPublicAccess}' -o table

More in Microsoft Azure

AZ-001 MFA is enforced for all users, especially privileged roles. AZ-002 Number of Global Administrators is limited (typically 2-4). AZ-003 Privileged Identity Management (PIM) provides just-in-time elevation. AZ-004 Legacy/basic authentication is blocked.

Want Tess to test AZ-012 against your evidence?

Book a demo