Ensure Storage Logging is Enabled for Queue Service for 'Read', 'Write', and 'Delete' requests
Why This Matters
Storage queue messages can be accessed by any client with storage account permissions, making them a potential vector for unauthorized data access or tampering. Without logging enabled for read, write, and delete operations, you lose critical visibility into request details such as timing, authentication, and concurrency. This blind spot hinders your ability to detect and investigate security incidents affecting queue data.
What Aether365 Checks
Aether365 verifies that storage logging is enabled for the Queue service and that it captures read, write, and delete requests. This check appears in your Aether365 dashboard under the azure-storage-accounts checks.
How to Fix
To enable storage logging for the Queue service in the Azure Portal: