Data at risk

Azure Batch Pool with public access

Risk Level

Informational (4)

Platform(s)
Compliance Frameworks

Description

Azure Batch is a compute scheduling service, capable of running large-scale applications. The batch account - {AzureBatchAccount} with Pool - {AzureBatchAccount.BatchAccountPools} has promiscuous inbound NAT Rule - {AzureBatchAccount.BatchAccountPools.InboundNatPools} which allow inbound access from any IP address. The inbound NAT Rules allow to specify the mandatory IP addresses.

  • Recommended Mitigation

    It is recommended to review the batch account configuration and explicitly specify the addresses in the inbound nat pool rules, to limit the access to the Batch Pool.

Need help?

Get a free Security Risk Assessment. Start today

See Orca in action See Orca in action-> View a 10 minute recorded demo or sign up for a personalized one-on-one walk-through.