How to resolve Sprinto check for configuring default network access rule to deny on the Azure storage accounts

Configure Azure Storage Account network rules to deny public access by default and resolve the Sprinto security check for storage account network access.

About

Sprinto check: Ensure Default Network Access Rule for Storage Accounts is Set to Deny

The Ensure Default Network Access Rule for Storage Accounts is Set to Deny check verifies that your Azure storage accounts do not allow unrestricted public network access.

Configuring the default network access rule to Deny ensures that storage accounts are not accessible from all networks by default. Only explicitly allowed networks, IP ranges, or Azure resources can access the storage account. This helps reduce the risk of unauthorised access and improves the overall security posture of your Azure infrastructure.

Prerequisites

Before you begin, ensure that:

  • You have administrator privileges to manage Azure storage account configuration.


Procedure

Step 1: Configure network access in the Azure portal

  1. Sign in to the Azure Portal using your credentials.

  2. Navigate to Storage Accounts.

  3. Select the storage account you want to secure.

  4. In the left navigation pane, under Security + networking, select Networking.

  5. Next to Public network access, click Manage.

  6. Configure the network access setting using one of the following options:

Option 1: Enabled from selected networks

  1. Select Enable → Enabled from selected networks.

  2. This configuration:

    • Sets the default network access rule to Deny.

    • Allows you to explicitly permit access from:

      • trusted virtual networks

      • specific IP address ranges

      • selected Azure resource instances

  3. Add any required IP ranges or virtual networks that should retain access to the storage account.

Option 2: Disable public network access

  1. Select Disable.

  2. This blocks all public network traffic to the storage account.

  3. Only private endpoints will be able to access the storage account.

  7. Click Save to apply the changes.
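To confirm the result across every storage account before refreshing the check, the following added example (not part of the original article and not Sprinto's own logic) classifies accounts from the JSON that `az storage account list -o json` returns. The sample records and account names are constructed. Treating both Option 1 and Option 2 as compliant, and treating a missing rule set as Allow, are assumptions of this example.

```python
import json

# Constructed sample shaped like `az storage account list -o json` output
# (trimmed to the fields used here); account names are made up.
SAMPLE = json.loads("""
[
 {"name": "stopenexample", "publicNetworkAccess": "Enabled",
  "networkRuleSet": {"defaultAction": "Allow", "ipRules": [], "virtualNetworkRules": []}},
 {"name": "stselectedexample", "publicNetworkAccess": "Enabled",
  "networkRuleSet": {"defaultAction": "Deny",
    "ipRules": [{"action": "Allow", "ipAddressOrRange": "203.0.113.0/24"}],
    "virtualNetworkRules": []}},
 {"name": "stprivateexample", "publicNetworkAccess": "Disabled",
  "networkRuleSet": {"defaultAction": "Allow", "ipRules": [], "virtualNetworkRules": []}},
 {"name": "stlegacyexample", "publicNetworkAccess": null, "networkRuleSet": null}
]
""")


def classify(account):
    """Return (status, allow_list) for one storage account record."""
    rules = account.get("networkRuleSet") or {}
    # A missing rule set or defaultAction is treated as Allow so the account
    # is flagged rather than silently passed (assumption of this example).
    default_action = rules.get("defaultAction") or "Allow"
    if account.get("publicNetworkAccess") == "Disabled":
        return "disabled", []               # Option 2: private endpoints only
    if default_action == "Deny":
        allow = [r["ipAddressOrRange"] for r in rules.get("ipRules") or []]
        allow += [r["virtualNetworkResourceId"]
                  for r in rules.get("virtualNetworkRules") or []]
        return "selected-networks", allow   # Option 1: explicit allow list
    return "open", []                       # default rule is Allow: needs fixing


def audit(accounts):
    """Return (name -> (status, allow_list), sorted names still open)."""
    report = {a["name"]: classify(a) for a in accounts}
    failing = sorted(n for n, (status, _) in report.items() if status == "open")
    return report, failing


if __name__ == "__main__":
    report, failing = audit(SAMPLE)
    for name, (status, allow) in report.items():
        print(f"{name:20} {status:18} {', '.join(allow) or '-'}")
    print("needs attention:", failing or "none")
```

To run it against a real subscription, replace `SAMPLE` with the parsed output of `az storage account list -o json`. The allow list printed for each `selected-networks` account is worth reviewing for ranges that no longer need access.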


Step 2: Verify the check in Sprinto

  1. Log in to the Sprinto dashboard.

  2. Navigate to Cloud Infrastructure → Azure.

  3. Locate the failing monitor:

    Ensure Default Network Access Rule for Storage Accounts is Set to Deny

  4. Click Refresh to fetch the latest configuration.

Sprinto will detect the updated configuration and automatically update the check status to Passing.


Key Notes

  • Setting Enabled from selected networks automatically sets the default network access rule to Deny.

  • Only networks explicitly added to the allow list will be able to access the storage account.

  • Choosing Disable blocks all public network access and allows access only through private endpoints.

  • After updating the configuration in Azure, it may take a few minutes for Sprinto to detect the change.
