turbot/steampipe-mod-azure-compliance

Control: Ensure that 'Disk Network Access' is NOT set to 'Enable public access from all networks'

Description

Virtual Machine Disks and snapshots can be configured to allow access from different network resources.

Usage

Run the control in your terminal:

powerpipe control run azure_compliance.control.compute_disk_public_access_disabled

Snapshot and share results via Turbot Pipes:

powerpipe login
powerpipe control run azure_compliance.control.compute_disk_public_access_disabled --share

SQL

This control uses a named query:

select
  disk.id as resource,
  case
    when network_access_policy in ('DenyAll','AllowPrivate') and public_network_access = 'Disabled' then 'ok'
    else 'alarm'
  end as status,
  case
    when network_access_policy in ('DenyAll','AllowPrivate') and public_network_access = 'Disabled' then disk.name || ' network access disabled.'
    else disk.name || ' network access enabled.'
  end as reason
  , disk.resource_group as resource_group
  , sub.display_name as subscription
from
  azure_compute_disk disk,
  azure_subscription sub
where
  sub.subscription_id = disk.subscription_id;
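
The control's reason column reports only "network access enabled" for every failing disk, whichever setting is responsible. The query below is an added example, not part of the mod: it returns only the disks that would alarm and names the setting that caused it, using the same tables and columns as the control's query. The `failing_setting` column name and the '(not set)' label are assumptions made for this example.

```sql
-- Added example (not the mod's own query): triage for disks the control marks 'alarm'.
-- Only columns referenced by the control's query are used.
select
  disk.name,
  disk.resource_group,
  sub.display_name as subscription,
  coalesce(disk.network_access_policy, '(not set)') as network_access_policy,
  coalesce(disk.public_network_access, '(not set)') as public_network_access,
  case
    -- A NULL in either column makes the control's condition non-true, so it alarms.
    when disk.network_access_policy is null
      or disk.public_network_access is null
      then 'property not returned'
    when disk.network_access_policy not in ('DenyAll', 'AllowPrivate')
      and disk.public_network_access <> 'Disabled'
      then 'both settings fail the control'
    when disk.network_access_policy not in ('DenyAll', 'AllowPrivate')
      then 'network_access_policy is ' || disk.network_access_policy
    else 'public_network_access is ' || disk.public_network_access
  end as failing_setting  -- hypothetical column name for this example
from
  azure_compute_disk as disk
  join azure_subscription as sub
    on sub.subscription_id = disk.subscription_id
where
  -- Negation of the control's 'ok' condition, with NULLs treated as failing.
  not (
    coalesce(disk.network_access_policy, '') in ('DenyAll', 'AllowPrivate')
    and coalesce(disk.public_network_access, '') = 'Disabled'
  )
order by
  sub.display_name,
  disk.resource_group,
  disk.name;
```

An empty result means every disk in the connected subscriptions passes the control.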

Tags