Description

Azure Batch is a compute scheduling service capable of running large-scale applications. The batch account {AzureBatchAccount} with pool {AzureBatchAccount.BatchAccountPools} has a promiscuous inbound NAT rule, {AzureBatchAccount.BatchAccountPools.InboundNatPools}, which allows inbound access from any IP address. Inbound NAT rules allow the permitted source IP addresses to be specified.
Recommended Mitigation

Review the batch account configuration and explicitly specify the allowed addresses in the inbound NAT pool rules to limit access to the Batch pool.
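
One way to check a pool definition for the condition described above, as an added example that is not part of the original finding. It reads the pool's `networkConfiguration.endpointConfiguration.inboundNatPools[].networkSecurityGroupRules`; the sample pool, the set of catch-all prefixes, and the treatment of a NAT pool with no rules as open by default are assumptions of this example.

```python
# Source prefixes this example treats as "any IP address" (assumption).
ANY_SOURCE = {"*", "0.0.0.0/0", "internet"}

def open_nat_pools(pool):
    """Return (nat_pool_name, reason) for each inbound NAT pool open to any source."""
    net = pool.get("properties", {}).get("networkConfiguration") or {}
    nat_pools = (net.get("endpointConfiguration") or {}).get("inboundNatPools") or []
    findings = []
    for nat in nat_pools:
        rules = sorted(nat.get("networkSecurityGroupRules") or [],
                       key=lambda r: r["priority"])
        if not rules:
            # Assumption: with no rules, Batch creates a default allow rule.
            findings.append((nat["name"], "no NSG rules: default allow"))
            continue
        for rule in rules:  # lowest priority number is evaluated first
            if rule["sourceAddressPrefix"].lower() in ANY_SOURCE:
                if rule["access"].lower() == "allow":
                    findings.append(
                        (nat["name"], f"priority {rule['priority']} allows any source"))
                break  # the first catch-all rule decides for unlisted sources
    return findings

def nsg_rule(priority, access, source):
    """Build one NSG rule entry for the constructed sample below."""
    return {"priority": priority, "access": access, "sourceAddressPrefix": source}

# Constructed sample pool; names, ports and addresses are illustrative only.
SAMPLE_POOL = {"properties": {"networkConfiguration": {"endpointConfiguration": {
    "inboundNatPools": [
        {"name": "ssh-open", "protocol": "TCP", "backendPort": 22,
         "networkSecurityGroupRules": [nsg_rule(150, "Allow", "*")]},
        {"name": "rdp-restricted", "protocol": "TCP", "backendPort": 3389,
         "networkSecurityGroupRules": [nsg_rule(150, "Allow", "198.51.100.0/24"),
                                       nsg_rule(200, "Deny", "*")]},
        {"name": "admin-denied-first", "protocol": "TCP", "backendPort": 8443,
         "networkSecurityGroupRules": [nsg_rule(100, "Deny", "*"),
                                       nsg_rule(200, "Allow", "*")]},
        {"name": "app-no-rules", "protocol": "TCP", "backendPort": 8080},
    ]}}}}

if __name__ == "__main__":
    for name, reason in open_nat_pools(SAMPLE_POOL):
        print(f"{name}: {reason}")
```
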