Ensure public network access is disabled for Azure Data Factory

MEDIUM

Description

Allowing unrestricted, public access to cloud services could open an application up to external attack. Disallowing this access is typically considered best practice.

Remediation

In Azure Console -

  1. Open the Azure Portal and go to Data factories.
  2. Select the Data factory you wish to edit.
  3. Under Settings, choose Networking.
  4. On the Network access tab, select Private endpoint.
  5. Configure the endpoint on the Private endpoint connections tab as needed.

In Terraform -

  1. In the azurerm_data_factory resource, set public_network_enabled to false.
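
A check for the Terraform remediation above, as an added example that is not the policy engine's own code: it walks the `planned_values` tree of `terraform show -json <planfile>` output and reports every `azurerm_data_factory` whose `public_network_enabled` is not explicitly `false`. The plan document and resource names are constructed, and treating an unset value as public assumes the provider default of `true` for this argument.

```python
import json

# Constructed sample shaped like `terraform show -json <planfile>` output.
SAMPLE_PLAN = json.loads("""
{
  "planned_values": {
    "root_module": {
      "resources": [
        {"address": "azurerm_data_factory.public", "type": "azurerm_data_factory",
         "values": {"name": "adf-public", "public_network_enabled": true}},
        {"address": "azurerm_data_factory.private", "type": "azurerm_data_factory",
         "values": {"name": "adf-private", "public_network_enabled": false}},
        {"address": "azurerm_storage_account.sa", "type": "azurerm_storage_account",
         "values": {"name": "sa1"}}
      ],
      "child_modules": [
        {"address": "module.etl",
         "resources": [
           {"address": "module.etl.azurerm_data_factory.unset",
            "type": "azurerm_data_factory",
            "values": {"name": "adf-unset"}}
         ]}
      ]
    }
  }
}
""")


def iter_resources(module):
    """Yield every resource in a module and, recursively, its child modules."""
    yield from module.get("resources", [])
    for child in module.get("child_modules", []):
        yield from iter_resources(child)


def public_data_factories(plan):
    """Return addresses of Data Factories that would allow public network access."""
    root = plan.get("planned_values", {}).get("root_module", {})
    findings = []
    for res in iter_resources(root):
        if res.get("type") != "azurerm_data_factory":
            continue
        # Only an explicit false passes; a missing or null value is treated as
        # public (assumption: the provider default for this argument is true).
        if (res.get("values") or {}).get("public_network_enabled") is not False:
            findings.append(res["address"])
    return sorted(findings)
```

Running `public_data_factories` on the parsed plan in CI and failing the job when the list is non-empty catches the setting before `terraform apply`.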

References:
https://learn.microsoft.com/en-us/azure/data-factory/
https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/resources/data_factory#public_network_enabled

Policy Details

Rule Reference ID: AC_AZURE_0261
CSP: Azure
Remediation Available: Yes
Resource Category: Analytics
Resource Type: Data Factory

Frameworks