Guidance for Hardening Nerdio Manager Storage Accounts?

Hello,

There is guidance around hardening the Nerdio App Service and there is also guidance around hardening the Nerdio SQL Server.

We would really like to see guidance around hardening Nerdio-related/created storage accounts.

If Public Network Access is restricted on the Nerdio Storage accounts, we fail to run custom scripts with the following error, “Error: This request is not authorized to perform this operation.” 

Is there a workaround that we are unaware of?

Comments (2 comments)

Dave Stephenson

Great idea, Peter Gibbons.

We don't have anything like that, yet. We do have some guidance for our Nerdio for Enterprise product, but the MSP edition is considerably more complicated with the multi-tenant configurations we need to take into account.

Can you expand a little more on your use-case for this?
Is it just one of those "if we can, we should" scenarios or are you trying to meet some kind of compliance requirement?

Martijn Van Braeckel

We're also looking into the possibility to harden storage accounts.
At this time MS Defender for Cloud marks the recommendations below on the Nerdio Storage accounts.

Recommendation 1: Storage account public access should be disallowed
Recommendation 2: Storage accounts should only be accessible private via private endpoint
Recommendation 3: Storage accounts should prevent shared key access
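
Added example, not part of the thread and not Nerdio or Microsoft code: a small audit that checks storage account settings against the three recommendations listed above, so each account's gaps are visible before any setting is changed. It assumes input in the shape of `az storage account list -o json`; the account names and values are constructed, and reading recommendation 2 as "approved private endpoint plus public network access disabled" is an assumption.

```python
import json

# Constructed sample in the shape of `az storage account list -o json`
# (account names and values are made up for illustration).
SAMPLE = json.loads("""
[
  {"name": "examplescripts01", "allowBlobPublicAccess": null,
   "allowSharedKeyAccess": null, "publicNetworkAccess": "Enabled",
   "privateEndpointConnections": []},
  {"name": "examplehardened02", "allowBlobPublicAccess": false,
   "allowSharedKeyAccess": false, "publicNetworkAccess": "Disabled",
   "privateEndpointConnections": [
     {"privateLinkServiceConnectionState": {"status": "Approved"}}]}
]
""")


def audit(account):
    """Return the recommendations from the thread that the account fails."""
    findings = []
    # Recommendation 1: a null value is not an explicit "disallowed".
    if account.get("allowBlobPublicAccess") is not False:
        findings.append("public access should be disallowed")
    # Recommendation 2 (assumed reading): an approved private endpoint
    # exists and public network access is disabled.
    approved = [
        c for c in account.get("privateEndpointConnections") or []
        if (c.get("privateLinkServiceConnectionState") or {}).get("status") == "Approved"
    ]
    if not approved or account.get("publicNetworkAccess") != "Disabled":
        findings.append("should only be accessible via private endpoint")
    # Recommendation 3: null means shared key access is still allowed.
    if account.get("allowSharedKeyAccess") is not False:
        findings.append("should prevent shared key access")
    return findings


def audit_all(accounts):
    """Map each account name to its list of unmet recommendations."""
    return {a["name"]: audit(a) for a in accounts}


if __name__ == "__main__":
    for name, findings in audit_all(SAMPLE).items():
        print(name, "OK" if not findings else "; ".join(findings))
```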
