问题描述

我们的客户将数据上传到StorageAcount Azure存储资源管理器或Azure JS客户端SDK。  Azure
安全中心报告StorageAccount ISO 27001审核失败'禁用对存储帐户的无限制网络访问 '。  如果我们在
以下建议修复建议，客户如何上传数据？  各种Azure服务如何访问数据（例如Azure Data Factory）？

是否有人修复过它？

谢谢

描述

禁用在存储帐户防火墙设置中允许不受限制的网络访问的选项。而是配置网络规则，以便只允许来自
的应用程序允许网络访问存储帐户。允许来自特定互联网或以下的连接 - 在前提客户端，可以为来自特定Azure虚拟网络或公共Internet IP地址范围的流量授予访问权限。

补救步骤

要禁用不受限制的网络访问：1。在存储帐户中，转到"防火墙和虚拟网络".2。在"允许访问"下，选择"所选网络".3。配置相关的
应允许访问您帐户的虚拟网络和IP范围。

Our customer will upload data to a StorageAcount either using Azure Storage Explorer or Azure JS client SDK. Azure Security Center reports that the StorageAccount ISO 27001 audit failure ‘Disable unrestricted network access to storage account’. If we apply below suggested remediation, how does customer upload the data? How does various Azure service access the data (such as Azure Data Factory)?

Has anyone fixed it?

Thanks

Description

Disable the option of allowing unrestricted network access in your storage account firewall settings. Instead, configure network rules so only applications from allowed networks can access the storage account. To allow connections from specific internet or on-premise clients, access can be granted to traffic from specific Azure virtual networks or to public internet IP address ranges.

Remediation steps

To disable unrestricted network access: 1. In your storage account, go to 'Firewalls and virtual networks'. 2. Under 'Allow access from', choose 'Selected networks'. 3. Configure the relevant virtual networks and IP ranges that should be allowed to access your account.

这篇关于禁用对存储帐户的不受限制的网络访问的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持！