Azure Batch is a compute scheduling service, capable of running large-scale applications. The batch account - {AzureBatchAccount} with Pool - {AzureBatchAccount.BatchAccountPools} has promiscuous inbound NAT Rule - {AzureBatchAccount.BatchAccountPools.InboundNatPools} which allow inbound access from any IP address. The inbound NAT Rules allow to specify the mandatory IP addresses.
Recommended Mitigation
It is recommended to review the batch account configuration and explicitly specify the addresses in the inbound nat pool rules, to limit the access to the Batch Pool.
Data at risk
