Description:
Disable anonymous access to blob containers and disallow blob public access on storage account.
Rationale:
Anonymous, public read access to a container and its blobs can be enabled in Azure Blob storage. It grants read-only access to these resources without sharing the account key, and without requiring a shared access signature. It is recommended not to provide anonymous access to blob containers until, and unless, it is strongly desired. A shared access signature token should be used for providing controlled and timed access to blob containers.
If no anonymous access is needed on the storage account, it’s recommended to set allowBlobPublicAccess false.
Access using shared access signatures will have to be managed.
From Azure Console
First, follow Microsoft documentation and created shared access signature tokens for your blob containers. Then,
Using Azure Command Line Interface 2.0
az storage container set-permission --name --public-access off --account-name --account-key
az storage account update --name --resource-group --allow-blob-public-access false
.