Review & Remediate Storage Security Recommendations
Implementation Effort: Medium — Requires security and IT teams to regularly review recommendations, assess risk, and implement remediations across storage accounts.
User Impact: Low — Actions are taken by administrators; users are not directly affected.
Overview
Microsoft Defender for Storage, as part of Defender for Cloud, continuously assesses your storage resources against built-in and custom security standards. It generates security recommendations to help identify misconfigurations, vulnerabilities, and risky exposures in Azure Blob Storage and Data Lake Storage.
Reviewing Recommendations
To review recommendations:
- Go to Microsoft Defender for Cloud in the Azure portal.
- Navigate to Recommendations.
- Filter by Storage to view relevant issues.
- For each recommendation, review:
- Risk level and severity (High, Medium, Low)
- Affected resources
- Attack paths and risk factors (e.g., internet exposure, sensitive data)
- Tactics & techniques (mapped to MITRE ATT&CK)
- Owner, status, and due date for remediation 1
Remediating Recommendations
To remediate:
- Follow the step-by-step guidance provided in each recommendation.
- Use Azure Policy, ARM templates, or manual configuration to apply fixes.
- For high-risk issues (e.g., public access to storage, unprotected secrets), prioritize immediate remediation 2.
- Track progress using the status and freshness indicators.
Common Storage Security Recommendations
- Disable public access to storage accounts
- Enable Microsoft Defender for Storage
- Enforce secure transfer (HTTPS)
- Restrict access using private endpoints or firewall rules
- Monitor for unusual access patterns or malware uploads 3
Failing to review and remediate these recommendations can leave storage accounts vulnerable to data breaches, malware, and compliance violations.
This activity supports the Zero Trust principle of "Assume Breach" by proactively identifying and mitigating risks in your storage environment.