Language: terraform
Severity: high
Service: storage
Provider: Azure
Vulnerability Type: omission

Description

Storage account network rules are configured without allowing ‘AzureServices’ in the bypass list, preventing trusted Microsoft services from accessing the storage account as intended. This restricts legitimate service integrations that rely on direct access beyond typical network rules.

Impact

Trusted Microsoft services, such as Azure Backup or Azure Monitoring, may fail to interact with the storage account, potentially causing disruptions in backups, monitoring, or other automated operations. This could lead to service outages, data loss, or inability to meet compliance and operational requirements.

Resolution

Allow Trusted Microsoft Services to bypass
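
The flagged configuration next to its corrected form, written for the azurerm provider's `azurerm_storage_account` resource. This is an added example, not taken from the rule's own documentation; the resource names, account names, resource group, region and IP range are constructed placeholders.

```hcl
# Constructed example: all names, the region and the IP range are placeholders.

# Flagged: network rules are defined, but the bypass list omits "AzureServices",
# so trusted Microsoft services are subject to the Deny default like any other caller.
resource "azurerm_storage_account" "flagged" {
  name                     = "examplestorageflagged"
  resource_group_name      = "example-rg"
  location                 = "westeurope"
  account_tier             = "Standard"
  account_replication_type = "LRS"

  network_rules {
    default_action = "Deny"
    ip_rules       = ["203.0.113.0/24"]
    bypass         = ["Logging", "Metrics"]
  }
}

# Corrected: "AzureServices" is added to the bypass list. The default action
# stays "Deny", so traffic from other sources is still limited to the listed rules.
resource "azurerm_storage_account" "corrected" {
  name                     = "examplestoragecorrected"
  resource_group_name      = "example-rg"
  location                 = "westeurope"
  account_tier             = "Standard"
  account_replication_type = "LRS"

  network_rules {
    default_action = "Deny"
    ip_rules       = ["203.0.113.0/24"]
    bypass         = ["Logging", "Metrics", "AzureServices"]
  }
}
```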