Azure Policy For Preventing Public Blob Containers

There are no ARM REST API properties for Blob containers, which means we can't create an Azure Policy for not allowing people to ever create public blob containers.

This is how every AWS breach has occurred due to accidentally setting storage to public.

93 votes
Chris shared this idea

    5 comments

      • Kiran commented

        Please make this a priority and have an option to set these under Azure Policy!

      • Scott commented

        Now that the ARM templates for Storage Accounts allow setting the access level for blob containers, an Azure Policy can (and should) be created to allow organizations to enforce the 'Public access level'. This would allow a group to enforce that all blob containers have to be 'Private', preventing an accidental data breach from occurring.

        There is a GitHub request for this feature as well:
        https://github.com/Azure/azure-policy/issues/131

      • Matthew commented

        Please can we see a Microsoft response on this. Not having this option is dangerous for enterprise rollout of blob storage.
