detecting-misconfigured-azure-storage


Detecting Misconfigured Azure Storage

When to Use

  • When performing a security audit of Azure Storage accounts across subscriptions
  • When responding to Microsoft Defender for Storage alerts about anonymous access or data exfiltration
  • When compliance requires verification of encryption, network restrictions, and access logging
  • When investigating potential data exposure through publicly accessible blob containers
  • When onboarding Azure subscriptions and establishing storage security baselines

Do not use for Azure SQL or Cosmos DB security auditing (use dedicated database security tools), for real-time threat detection on storage operations (use Defender for Storage), or for auditing specific to Azure Files or Data Lake Gen2 without adapting the checks.

Prerequisites

  • Azure CLI installed and authenticated (az login) with Reader and Storage Account Contributor roles
  • Az PowerShell module installed for advanced queries (Install-Module Az.Storage)
  • Microsoft Defender for Storage enabled for threat detection
  • Access to Azure Resource Graph for cross-subscription queries
  • ScoutSuite or Prowler Azure provider for automated assessment

Installs: 3
GitHub Stars: 6.2K
First Seen: Mar 21, 2026