Ensure Default Network Access Rule for Storage Accounts is Set to Deny
Why This Matters
Storage accounts that accept connections from any network expose your data to unauthorized access from the internet. By denying default network access and explicitly allowing only trusted networks, you reduce the attack surface and enforce a secure network boundary for your storage resources. Without this control, any client with a valid access key can reach your storage account from anywhere.
What Aether365 Checks
Aether365 verifies that each storage account has its public network access set to "Enabled from selected virtual networks and IP addresses" rather than allowing all networks. This check appears in the Aether365 dashboard under the Azure Storage Accounts security category.