Network misconfigurations

Azure Key vault with ‘Allow trusted Microsoft services to bypass this firewall’ enabled

Compliance Frameworks


When you enable the Key Vault Firewall, you will be given an option to 'Allow Trusted Microsoft Services to bypass this firewall'. This option grants access from specific services to your key vault. Although those services are considered as trusted ones, as a best practice, firewall rules should be defined with more restricted IP addresses to allow access from only known sources.
  • Recommended Mitigation

    It is recommended to disable 'Allow trusted Microsoft services to bypass this firewall' network option.