Is it possible to access an Azure Managed Disk from public network if it is attached to a VM?

Mulla, Tabrez 20 Reputation points
2024-07-16T10:20:40.4666667+00:00

Hello,

I have come across a setting for Disks that are attached to Azure VMs and am trying to understand a bit more about it.

There are three networking different options available for disks, they are

Enable public access from all networks

Disable public access and enable private access

Disable public and private access

The Microsoft recommended setting is to "Disable public access and enable private access" which is the most secure option.

I would like to understand a bit more about the default setting as well which is "Enable public access from all networks".

My research so far has led me to believe that if a disk has been set to "Enable public access from all networks", the disk can be access from public network ONLY IF it is not attached to a VM. Is my understanding correct?

Also, If the VM has no public IP, the VM and its allocated disks are not on the internet so this also suggests that the setting is not doing any harm since the disk cannot be reached.

I would really appreciate if there is Microsoft documentation suggesting this is the case and if not please do correct me.

Azure Disk Storage
Azure Disk Storage
A high-performance, durable block storage designed to be used with Azure Virtual Machines and Azure VMware Solution.
642 questions
{count} votes

Accepted answer
  1. Nehruji R 8,066 Reputation points Microsoft Vendor
    2024-07-16T12:36:40.3533333+00:00

    Hello Mulla, Tabrez,

    Greetings! Welcome to Microsoft Q&A Platform.

    When a disk is set to “Enable public access from all networks,” it can indeed be accessed from the public network (only if the user has necessary permission on the resource that was trying to access and if it is not attached to a VM). However, if the VM to which the disk is attached does not have a public IP, the disk is not exposed to the internet, thus reducing the risk of unauthorized access.

    Microsoft’s Recommendation: Disabling public access and enabling private access is the most secure option. This setting ensures that the disk can only be accessed through private endpoints within your virtual network, providing an additional layer of security.

    refer for more detailed information-https://learn.microsoft.com/en-us/azure/virtual-machines/managed-disks-overview, https://learn.microsoft.com/en-us/azure/virtual-machines/disks-enable-private-links-for-import-export-portal.

    Hope this information helps! please accept the answer else, please let us know if you have any further queries. I’m happy to assist you further.


    Please "Accept the answer” and “up-vote” wherever the information provided helps you, this can be beneficial to other community members.

    1 person found this answer helpful.
    0 comments No comments

0 additional answers

Sort by: Most helpful

Your answer

Answers can be marked as Accepted Answers by the question author, which helps users to know the answer solved the author's problem.