Ensure public network access is disabled for Azure Batch Account

MEDIUM

Description

Allowing unrestricted, public access to cloud services could open an application up to external attack. Disallowing this access is typically considered best practice.

Remediation

In Azure Console -

  1. Open the Azure Portal and go to Batch Account.
  2. Select the Batch Service you want.
  3. Select the Networking Tab and under 'Public network access', choose 'Disabled'.

In Terraform -

  1. In the azurerm_batch_account resource, set 'public_network_access_enabled' to 'false'. By default 'public_network_access_enabled' is set to 'true'.
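To verify the Terraform setting before apply, the following added example (not the rule's own implementation) checks the JSON produced by `terraform show -json` for Batch accounts that leave public access on. The function names and the sample plan are constructed for illustration; a missing or null value is treated as the default of 'true'.

```python
# Constructed sample in the shape of `terraform show -json <planfile>` output.
# For a real plan, load it with json.load() instead.
SAMPLE_PLAN = {
    "planned_values": {"root_module": {
        "resources": [
            {"address": "azurerm_batch_account.open",
             "type": "azurerm_batch_account",
             "values": {"name": "batchopen",
                        "public_network_access_enabled": True}},
            {"address": "azurerm_batch_account.private",
             "type": "azurerm_batch_account",
             "values": {"name": "batchprivate",
                        "public_network_access_enabled": False}},
            # Different resource type: outside the scope of this rule.
            {"address": "azurerm_storage_account.logs",
             "type": "azurerm_storage_account",
             "values": {"public_network_access_enabled": True}},
        ],
        "child_modules": [{
            "address": "module.jobs",
            "resources": [
                # Attribute absent: falls back to the default (true).
                {"address": "module.jobs.azurerm_batch_account.pool",
                 "type": "azurerm_batch_account",
                 "values": {"name": "batchjobs"}},
            ],
        }],
    }},
}

def iter_resources(module):
    """Yield every resource in a module and, recursively, its child modules."""
    yield from module.get("resources", [])
    for child in module.get("child_modules", []):
        yield from iter_resources(child)

def public_batch_accounts(plan):
    """Return addresses of azurerm_batch_account resources allowing public access."""
    root = plan.get("planned_values", {}).get("root_module", {})
    findings = []
    for res in iter_resources(root):
        if res.get("type") != "azurerm_batch_account":
            continue
        # Only an explicit false is compliant.
        if res.get("values", {}).get("public_network_access_enabled") is not False:
            findings.append(res["address"])
    return sorted(findings)

if __name__ == "__main__":
    for address in public_batch_accounts(SAMPLE_PLAN):
        print(f"AC_AZURE_0263: {address} has public network access enabled")
```
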

References:
https://learn.microsoft.com/en-us/azure/batch/public-network-access
https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/resources/batch_account#public_network_access_enabled

Policy Details

Rule Reference ID: AC_AZURE_0263
CSP: Azure
Remediation Available: Yes
Resource Category: Management
Resource Type: Batch

Frameworks