Iffy Azure Storage Default Setting Getting Nixed in August
Microsoft gave notice on Wednesday that it will disable a default setting in Azure Storage that can permit anonymous access and cross-tenant replication.
This new approach will start in August, but it will just be in effect for newly created Azure Storage accounts.
Currently, the Azure Storage service allows users with the requisite administrative privileges to specify public access, and then further specify anonymous access, for Azure Storage container data. This state of affairs represents a possible security risk for organizations.
Here how that scenario was characterized in this Microsoft document, dated Feb. 19, 2023:
By default, a storage account is configured to allow a user with the appropriate permissions to enable public access to a container. When public access is allowed, a user with the appropriate permissions can modify a container's public access setting to enable anonymous public access to the data in that container.
Microsoft is planning to alter that scenario for new Azure Storage accounts "beginning August 2023." At that time, Microsoft will disable "anonymous access and cross tenant replication for all new storage accounts by default, to align with best practices for security and reduce the risk of data exfiltration."
Microsoft already disallows anonymous access to Azure containers by default. The new policy for Azure Storage, starting in August for new accounts, will be consistent that security precedent.
For some reason, Microsoft isn't enforcing such a default change to existing Azure Storage accounts. However, organizations using the potentially insecure default setting are being advised to "follow best practices for security and disable anonymous access and cross tenant replication settings if these capabilities are not required for your scenarios."
About the Author
Kurt Mackie is senior news producer for 1105 Media's Converge360 group.