TF 0030 - SymbioticSec/Symbiotic-Vulnerability-Database GitHub Wiki
Trusted Microsoft Services should have bypass access to Storage accounts
| Property | Value |
|---|---|
| Language | |
| Severity | |
| Service | storage |
| Provider | Azure |
| Vulnerability Type | omission |
Description
Storage account network rules are configured without allowing 'AzureServices' in the bypass list, preventing trusted Microsoft services from accessing the storage account as intended. This restricts legitimate service integrations that rely on direct access beyond typical network rules.
Impact
Trusted Microsoft services, such as Azure Backup or Azure Monitoring, may fail to interact with the storage account, potentially causing disruptions in backups, monitoring, or other automated operations. This could lead to service outages, data loss, or inability to meet compliance and operational requirements.
Resolution
Allow trusted Microsoft services to bypass the storage account network rules by including 'AzureServices' in the bypass list.
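
The flagged setting beside the corrected one, written as Terraform for the azurerm provider. This is an added example, not configuration from the rule's own project; the provider choice is an assumption, and the resource names and location are constructed placeholders.

```hcl
# Added example: names and location below are constructed placeholders.
resource "azurerm_resource_group" "example" {
  name     = "rg-storage-example"
  location = "westeurope"
}

# Flagged: network rules are set, but the bypass list omits "AzureServices",
# so trusted Microsoft services are subject to the default Deny action.
resource "azurerm_storage_account" "flagged" {
  name                     = "stflaggedexample"
  resource_group_name      = azurerm_resource_group.example.name
  location                 = azurerm_resource_group.example.location
  account_tier             = "Standard"
  account_replication_type = "LRS"

  network_rules {
    default_action = "Deny"
    bypass         = ["Metrics", "Logging"]
  }
}

# Corrected: "AzureServices" is in the bypass list, so trusted Microsoft
# services can reach the account while other traffic is still denied by default.
resource "azurerm_storage_account" "fixed" {
  name                     = "stfixedexample"
  resource_group_name      = azurerm_resource_group.example.name
  location                 = azurerm_resource_group.example.location
  account_tier             = "Standard"
  account_replication_type = "LRS"

  network_rules {
    default_action = "Deny"
    bypass         = ["Metrics", "Logging", "AzureServices"]
  }
}
```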