Ensure public access is disabled for Azure Managed Disk

HIGH

Description

Allowing unrestricted, public access to cloud services could open an application up to external attack. Disallowing this access is typically considered best practice.

Remediation

In Azure Console -

  1. In the Azure portal, navigate to the managed disk.
  2. Click on Networking, and select Private endpoint (private access only) as the network access setting.

In Terraform -

  1. In the azurerm_managed_disk resource, set the 'network_access_policy' attribute to 'AllowPrivate'.
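As an added illustration (not part of this policy page), the non-compliant resource is shown next to the remediated one; resource names, location and resource group are constructed, and `disk_access_id`, `azurerm_disk_access` and `public_network_access_enabled` are azurerm provider features beyond the page's own `network_access_policy` attribute, assumed to be available in a current 3.x provider.

```hcl
# Added example, not from the policy page. Names and location are constructed.
resource "azurerm_resource_group" "example" {
  name     = "rg-disk-example"
  location = "eastus"
}

# Non-compliant: "AllowAll" (also the provider default) lets the disk be
# exported or imported over its SAS URI from any network.
resource "azurerm_managed_disk" "open" {
  name                  = "disk-open"
  location              = azurerm_resource_group.example.location
  resource_group_name   = azurerm_resource_group.example.name
  storage_account_type  = "Standard_LRS"
  create_option         = "Empty"
  disk_size_gb          = 32
  network_access_policy = "AllowAll" # flagged by AC_AZURE_0321
}

# Compliant: "AllowPrivate" restricts export/import to the private endpoint
# of a disk access resource, which the disk must reference via disk_access_id.
# Without disk_access_id the provider/API rejects "AllowPrivate".
resource "azurerm_disk_access" "private" {
  name                = "diskaccess-private"
  resource_group_name = azurerm_resource_group.example.name
  location            = azurerm_resource_group.example.location
}

resource "azurerm_managed_disk" "restricted" {
  name                          = "disk-restricted"
  location                      = azurerm_resource_group.example.location
  resource_group_name           = azurerm_resource_group.example.name
  storage_account_type          = "Standard_LRS"
  create_option                 = "Empty"
  disk_size_gb                  = 32
  network_access_policy         = "AllowPrivate"
  disk_access_id                = azurerm_disk_access.private.id
  # Assumed attribute: also closes the public SAS path, mirroring the
  # portal's "private endpoint only" network setting.
  public_network_access_enabled = false
}
```

`terraform plan` on the first block is what a policy scan such as AC_AZURE_0321 flags; the second block is the shape it expects.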

References:
https://learn.microsoft.com/en-us/azure/virtual-machines/managed-disks-overview
https://learn.microsoft.com/en-us/azure/private-link/private-link-overview
https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/resources/managed_disk#network_access_policy

Policy Details

Rule Reference ID: AC_AZURE_0321
CSP: Azure
Remediation Available: Yes
Resource Category: Storage
Resource Type: Disk

Frameworks