Network misconfigurations

Azure Key Vault with ‘Allow trusted Microsoft services to bypass this firewall’ enabled

Description

When you enable the Key Vault firewall, you are given the option 'Allow trusted Microsoft services to bypass this firewall'. This option grants specific Microsoft services access to your key vault regardless of the firewall rules you define. Although those services are considered trusted, as a best practice firewall rules should be defined with more restrictive IP addresses so that access is allowed only from known sources.
Recommended Mitigation

It is recommended to disable the 'Allow trusted Microsoft services to bypass this firewall' network option.
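One way to check for this setting across several vaults, as an added example that is not part of the original page: the script reads JSON shaped like `az keyvault show` output and classifies each vault by its `networkAcls` block. The vault names, IP ranges and the `audit_vault` helper are constructed for illustration, and treating a missing `networkAcls` block as "firewall off" is an assumption.

```python
import json

# Constructed sample shaped like `az keyvault show` output (only the fields
# this check reads). Vault names and address ranges are placeholders.
SAMPLE_VAULTS = json.loads("""
[
  {"name": "kv-example-a", "properties": {"networkAcls": {
      "bypass": "AzureServices", "defaultAction": "Deny",
      "ipRules": [{"value": "203.0.113.10/32"}], "virtualNetworkRules": []}}},
  {"name": "kv-example-b", "properties": {"networkAcls": {
      "bypass": "None", "defaultAction": "Deny",
      "ipRules": [{"value": "198.51.100.0/24"}], "virtualNetworkRules": []}}},
  {"name": "kv-example-c", "properties": {"networkAcls": {
      "bypass": "AzureServices", "defaultAction": "Allow",
      "ipRules": [], "virtualNetworkRules": []}}},
  {"name": "kv-example-d", "properties": {}}
]
""")


def audit_vault(vault):
    """Classify one vault's firewall state and trusted-services bypass."""
    acls = (vault.get("properties") or {}).get("networkAcls") or {}
    # The firewall only restricts traffic when the default action is Deny.
    # Assumption: a missing networkAcls block is treated as firewall off.
    firewall_on = str(acls.get("defaultAction", "")).lower() == "deny"
    # Anything other than an explicit "None" is treated as bypass enabled.
    bypass_off = str(acls.get("bypass", "")).lower() == "none"
    # Explicitly allowed sources: IP rules plus virtual network rule IDs.
    sources = [r.get("value") for r in acls.get("ipRules") or []]
    sources += [r.get("id") for r in acls.get("virtualNetworkRules") or []]
    if not firewall_on:
        status = "FIREWALL_OFF"      # bypass is moot, all networks allowed
    elif not bypass_off:
        status = "BYPASS_ENABLED"    # the misconfiguration described above
    else:
        status = "COMPLIANT"         # only the listed sources can connect
    return {"name": vault.get("name"), "status": status,
            "allowed_sources": sources}


def audit(vaults):
    return [audit_vault(v) for v in vaults]


if __name__ == "__main__":
    for result in audit(SAMPLE_VAULTS):
        print(f"{result['name']}: {result['status']} "
              f"(allowed sources: {result['allowed_sources'] or 'none'})")
```

For a vault reported as `BYPASS_ENABLED`, the Azure CLI command `az keyvault update --name <vault-name> --bypass None` turns the option off.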