Network misconfigurations

Azure Key Vault is not configured with a virtual network service endpoint


Description

Virtual network service endpoints for Azure Key Vault allow you to restrict access to a specified virtual network. The endpoints also allow you to restrict access to a list of IPv4 (Internet Protocol version 4) address ranges. Any user connecting to your key vault from outside those sources is denied access. For more info, see https://learn.microsoft.com/en-us/azure/virtual-network/virtual-network-service-endpoints-overview
Recommended Mitigation

It is recommended to configure the Azure Key Vault with a virtual network service endpoint.
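
One way to check a vault against this rule, as an added example that is not part of the original rule text or of any vendor tooling. It reads the `networkAcls` block of the Key Vault resource; the vault records, subnet ID and IP range are constructed, and scoring `defaultAction` as a separate finding is an assumption of this example.

```python
import json

# Constructed vault records in the ARM resource shape (properties.networkAcls).
# Names, the subnet ID and the IP range are placeholders, not real resources.
SUBNET = ("/subscriptions/<sub-id>/resourceGroups/rg/providers/"
          "Microsoft.Network/virtualNetworks/vnet1/subnets/app")
SAMPLE_VAULTS = json.loads("""
[
 {"name": "kv-no-acls", "properties": {}},
 {"name": "kv-allow", "properties": {"networkAcls": {"defaultAction": "Allow",
   "ipRules": [], "virtualNetworkRules": [{"id": "SUBNET"}]}}},
 {"name": "kv-ip-only", "properties": {"networkAcls": {"defaultAction": "Deny",
   "ipRules": [{"value": "203.0.113.0/24"}], "virtualNetworkRules": []}}},
 {"name": "kv-locked", "properties": {"networkAcls": {"defaultAction": "Deny",
   "ipRules": [], "virtualNetworkRules": [{"id": "SUBNET"}]}}}
]
""".replace("SUBNET", SUBNET))


def check_vault(vault):
    """Return findings for one vault; an empty list means the rule passes."""
    acls = (vault.get("properties") or {}).get("networkAcls") or {}
    findings = []
    # A missing networkAcls block or defaultAction=Allow accepts traffic from
    # all networks, so any listed rules are not enforced.
    if str(acls.get("defaultAction") or "Allow").lower() != "deny":
        findings.append("defaultAction is not Deny")
    # This rule is about virtual network rules; IP rules alone do not satisfy it.
    vnet_rules = [r for r in (acls.get("virtualNetworkRules") or []) if r.get("id")]
    if not vnet_rules:
        findings.append("no virtual network rule")
    return findings


def audit(vaults):
    """Map each vault name to its list of findings."""
    return {v["name"]: check_vault(v) for v in vaults}


if __name__ == "__main__":
    for name, findings in audit(SAMPLE_VAULTS).items():
        print(name, "PASS" if not findings else "FAIL: " + "; ".join(findings))
```

The check reads only the vault side; whether the referenced subnet has the `Microsoft.KeyVault` service endpoint enabled is a separate lookup on the subnet resource.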