[RULE] Disable local auth for storage accounts

### Existing rule

_No response_

### Suggested rule

Storage accounts allow disabling local accounts which disables both access keys and SAS tokens.

This is configured by setting the `allowSharedKeyAccess` property to `false`.

Access keys allow depersonalized access to a Storage Account using a shared secret.

### Pillar

Security

### Additional context

Create a new YAML based rule named `Azure.Storage.LocalAuth`.

Similar rules:

- Azure.Redis.LocalAuth
- Azure.AI.DisableLocalAuth
- Azure.Cosmos.DisableLocalAuth

This should have the labels: `Azure.WAF/maturity: L1` and `Azure.MCSB.v1/control: IM-1`.

Use rule ref `AZR-000497`.

References:

- https://learn.microsoft.com/azure/storage/common/shared-key-authorization-prevent
- [IM-1: Use centralized identity and authentication system](https://learn.microsoft.com/security/benchmark/azure/baselines/storage-security-baseline#im-1-use-centralized-identity-and-authentication-system)

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Uh oh!

[RULE] Disable local auth for storage accounts #3115

Existing rule

Suggested rule

Pillar

Additional context

Metadata

Assignees

Labels

Type

Projects

Milestone

Relationships

Development

[RULE] Disable local auth for storage accounts #3115

Description

Existing rule

Suggested rule

Pillar

Additional context

Metadata

Metadata

Assignees

Labels

Type

Projects

Milestone

Relationships

Development

Issue actions