Control: Azure > CIS v4.0 > 10 - Storage Services > 10.03 - Storage Accounts > 10.03.01 - Secrets and Keys > 10.03.01.03 - Ensure 'Allow storage account key access' for Azure Storage Accounts is 'Disabled'
Configures auditing against a CIS Benchmark item.
Level: 1
Every secure request to an Azure Storage account must be authorized. By default, requests can be authorized with either Microsoft Entra credentials or by using the account access key for Shared Key authorization.
Microsoft Entra ID provides superior security and ease of use compared to Shared Key and is recommended by Microsoft. To require clients to use Microsoft Entra ID for authorizing requests, you can disallow requests to the storage account that are authorized with Shared Key.
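The check this control describes, sketched over exported account properties as an added example (not Turbot's or the CIS Benchmark's own code). It assumes the ARM property name `allowSharedKeyAccess` as it appears in `az storage account list` output and treats an unset value as enabled, since Shared Key is allowed by default; the account names and the `ok`/`alarm` labels are constructed for illustration.

```python
import json

# Constructed sample in the shape of `az storage account list` output.
# Account names are made up for this example.
SAMPLE = json.loads("""[
  {"name": "stlogsprod01",   "allowSharedKeyAccess": false},
  {"name": "stappdata02",    "allowSharedKeyAccess": true},
  {"name": "stlegacy03",     "allowSharedKeyAccess": null},
  {"name": "stnewdefault04"},
  {"name": "stbadexport05",  "allowSharedKeyAccess": "false"}
]""")


def shared_key_state(account):
    """Return (state, reason) for one storage account record.

    Only an explicit boolean false passes. A null or missing property
    means the account still accepts Shared Key requests, because key
    access is allowed by default.
    """
    value = account.get("allowSharedKeyAccess")
    if value is False:
        return "ok", "Shared Key authorization is disabled"
    if value is True:
        return "alarm", "Shared Key authorization is explicitly enabled"
    if value is None:
        return "alarm", "property unset, default allows Shared Key"
    # Anything else (for example a string from a lossy export) is not
    # trusted as evidence that key access is disabled.
    return "alarm", f"unexpected value {value!r}"


def audit(accounts):
    """Map each account name to its state for a quick report."""
    return {a["name"]: shared_key_state(a)[0] for a in accounts}


if __name__ == "__main__":
    for acct in SAMPLE:
        state, reason = shared_key_state(acct)
        print(f"{acct['name']:<16} {state:<6} {reason}")
```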
Resource Types
This control targets the following resource types:
Policies
This control type relies on these other policies when running actions:
- Azure > CIS v4.0 > 10 - Storage Services > 10.03 - Storage Accounts > 10.03.01 - Secrets and Keys > 10.03.01.03 - Ensure 'Allow storage account key access' for Azure Storage Accounts is 'Disabled'
- Azure > CIS v4.0
- Azure > CIS v4.0 > 10 - Storage Services
Category
In Your Workspace
Developers
- Control Type URI: tmod:@turbot/azure-cisv4-0#/control/types/r10030103
- Category URI: tmod:@turbot/cis#/control/categories/v071607
- Get Controls (CLI): turbot graphql controls --filter "controlTypeId:tmod:@turbot/azure-cisv4-0#/control/types/r10030103"