Choose to allow or disallow blob public access on Azure Storage accounts
Published date: 15 July, 2020
Public read access to blob data is an optional setting that can be enabled on a container. While convenient for sharing data, public read access carries security risks. For enhanced security, you can now choose to disallow public access to blob data in a storage account. After you disallow public access for a storage account, all requests for blob data must be authorized regardless of the container’s public access setting. Any subsequent anonymous requests to that account will fail.
By default, a storage account allows public access to be configured for containers in the account, but does not enable public access to your data. Public access to blob data is never permitted unless you take the additional step to explicitly configure the public access setting for a container.
Microsoft recommends that you disallow public access to a storage account unless your scenario requires it. Disallowing public access helps to prevent data breaches caused by undesired anonymous access.