Ensure that 'Enable Data Access Authentication Mode' is 'Checked'

Why This Matters

Untrusted users can generate SAS tokens to export managed disks or VM state data if data access authentication mode is disabled. This creates a significant data exfiltration risk. Enabling this mode forces users to have the Data Operator for Managed Disks role in Entra ID before they can create export URLs.

What Aether365 Checks

Aether365 verifies that the 'Enable Data Access Authentication Mode' setting is checked on each managed disk in your Azure subscription. This check appears in the Aether365 dashboard under the azure-azure-disks section.
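
The same per-disk check can be reproduced from Azure CLI output. This is an added example, not Aether365's own code. It assumes input shaped like `az disk list -o json`, where the setting appears as `dataAccessAuthMode`; the disk and resource group names are constructed.

```python
import json
import shlex

# Value reported for a disk when the setting is enabled.
COMPLIANT_MODE = "AzureActiveDirectory"

# Constructed sample shaped like `az disk list -o json` output (not real resources).
SAMPLE_DISKS = json.loads("""
[
  {"name": "web01-os", "resourceGroup": "rg-prod", "dataAccessAuthMode": "AzureActiveDirectory"},
  {"name": "db01-data", "resourceGroup": "rg-prod", "dataAccessAuthMode": "None"},
  {"name": "legacy-disk", "resourceGroup": "rg-old"},
  {"name": "test-disk", "resourceGroup": "rg-dev", "dataAccessAuthMode": null}
]
""")


def remediation_command(name, resource_group):
    """Build the az CLI command that turns the setting on for one disk."""
    return " ".join([
        "az", "disk", "update",
        "--name", shlex.quote(name),
        "--resource-group", shlex.quote(resource_group),
        "--data-access-auth-mode", COMPLIANT_MODE,
    ])


def audit_disks(disks):
    """Return one finding per disk that does not have the setting enabled."""
    findings = []
    for disk in disks:
        # Assumption: a missing or null property is treated as not enabled ("None").
        mode = disk.get("dataAccessAuthMode") or "None"
        if mode.lower() == COMPLIANT_MODE.lower():
            continue
        findings.append({
            "name": disk["name"],
            "resourceGroup": disk["resourceGroup"],
            "mode": mode,
            "fix": remediation_command(disk["name"], disk["resourceGroup"]),
        })
    return findings


if __name__ == "__main__":
    for f in audit_disks(SAMPLE_DISKS):
        print(f"{f['resourceGroup']}/{f['name']}: mode={f['mode']}")
        print(f"  {f['fix']}")
```

To audit a real subscription, replace `SAMPLE_DISKS` with the parsed output of `az disk list -o json`.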
