Ensure public access is disabled for Azure Search Service

HIGH

Description

Allowing unrestricted, public access to cloud services could open an application up to external attack. Disallowing this access is typically considered best practice.

Remediation

In Azure Console -

Open the Azure Portal and go to Cognitive Search.
Select the Cognitive Search service you wish to edit.
Under Settings, select Networking.
For Public Network Access, set to Disabled.
Configure Private network access as needed.

In Terraform -

In the azurerm_search_service resource, set public_network_access_enabled to false.

References:
https://learn.microsoft.com/en-us/azure/search/search-what-is-azure-search
https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/resources/search_service#public_network_access_enabled

Policy Details

Rule Reference ID: AC_AZURE_0307

CSP: Azure

Remediation Available: Yes

Domain: Infrastructure Security

Resource: azurerm_search_service

Resource Category: Analytics

Resource Type: Search Service

Frameworks

GDPR
HIPAA
ISO-27001
NIST-800-171
NIST-800-53
NIST-CSF
PCI-DSSv3.2.1
PCI-DSSv4.0

Detections