Azure Batch Pool with public access

Data at risk

Azure Batch Pool with public access

Risk Level

Informational (4)

Platform(s)

Compliance Frameworks

Brazilian General Data Protection (LGPD)
CCPA
CPRA
Data Security Posture Management (DSPM) Best Practices
GDPR
HITRUST
ISO 27701
ISO/IEC 27001
Microsoft Cloud Security Benchmark
Mitre ATT&CK
NIST 800-171
NIST 800-53
Orca Best Practices
PDPA
UK Cyber Essentials

Description

Azure Batch is a compute scheduling service, capable of running large-scale applications. The batch account - {AzureBatchAccount} with Pool - {AzureBatchAccount.BatchAccountPools} has promiscuous inbound NAT Rule - {AzureBatchAccount.BatchAccountPools.InboundNatPools} which allow inbound access from any IP address. The inbound NAT Rules allow to specify the mandatory IP addresses.

Recommended Mitigation

It is recommended to review the batch account configuration and explicitly specify the addresses in the inbound nat pool rules, to limit the access to the Batch Pool.

Azure Batch Pool with public access

Description

Need help?

CLOUD SECURITY PLATFORM

TECHNOLOGY ECOSYSTEM

By Solution

By Industry

COMPARISONS