Skip to content

Azure Storage Access Key

Service Name: Azure Storage

Service Description: Azure Storage is Microsoft's cloud storage solution that provides scalable, secure, and highly available storage for data objects, file systems, messages, and NoSQL databases.

Service Address: https://azure.microsoft.com/en-us/products/storage/

Validation Type: API Auth

IP Allow list: IP restrictions can be configured at the storage account level using network rules and firewall settings.

Secret Access Scope: Grants full administrative access to all data and operations within the specific Azure Storage account, including blobs, files, queues, and tables.

Secret Revokement URL: https://portal.azure.com/ (Navigate to the storage account > Access keys > Regenerate keys)

Secret Example: DefaultEndpointsProtocol=https;AccountName=mystorageaccount;AccountKey=Eby 8vdM02xNOcqFlqUwJPLlmEtlCDXJ1OUzFT50uSRZ6IFsuFq2UVErCz4I6tq/K1SZFPTOtr/KBHB eksoGMGw==;EndpointSuffix=core.windows.net

Suspicious Activity Investigation Instructions:

  • Review Azure Activity Logs for unauthorized access or unusual operations
  • Check Azure Storage Analytics logs for unexpected data access patterns
  • Monitor for unusual egress traffic or data transfer operations
  • Verify IP addresses accessing the storage account against expected sources
  • Look for unusual geographic access locations in Azure Monitor logs
  • Check for unexpected changes to storage account configurations

Mitigation Instructions:

  • Immediately regenerate the storage account access keys in the Azure Portal
  • Rotate the compromised key (either key1 or key2) while maintaining service availability
  • Update all legitimate applications with the new key
  • Enable Azure Defender for Storage for enhanced threat protection
  • Implement network security rules to restrict access by IP address
  • Consider implementing Shared Access Signatures (SAS) with limited permissions instead of using account keys
  • Enable soft delete for blobs to protect against data loss
  • Review and update Azure RBAC permissions to follow the Principle of Least Privilege.
  • Enable Azure Storage encryption for data at rest