Ensure that 'Disk Network Access' is NOT set to 'Enable public access from all networks'
Why This Matters
Exposing virtual machine disks and snapshots to all networks creates unnecessary attack surfaces for data infiltration and exfiltration. This overly permissive setting bypasses network segmentation controls and can lead to unauthorized data access or transfer. Administrators should restrict disk network access to only required private connections to maintain a least privilege security posture.
What Aether365 Checks
Aether365 verifies that disk network access is not configured to "Enable public access from all networks." This check appears in the Aether365 dashboard under the azure-azure-disks section.