Skip to main content
Back to the Azure Footguns Database
SecurityLowOccasionalAZF-0077

A managed disk open to public export is one SAS URL from full disk exfiltration

Managed disks default to AllowAll network access with public export enabled. One export SAS turns the entire disk into a downloadable file, no VM login required.

Footgun ID
AZF-0077 (Azure Footgun No. 77)
Azure service
Azure Managed Disks
Resource type
Microsoft.Compute/disks
Updated
July 9, 2026

What it is

A managed disk whose networkAccessPolicy is AllowAll or whose publicNetworkAccess is Enabled (the Azure defaults on every disk you create). In that state, anyone authorized to generate an export SAS gets a URL that downloads the raw disk contents over the public internet: the OS, the data, cached credentials, connection strings, all of it, without ever logging into the VM.

Impact (security)
A single export SAS downloads the raw VHD — OS, data, credentials, everything on the disk — from anywhere on the internet
Basis: Azure behavior (authored assessment). Figures are estimates, not measurements.

Why it happens

Two properties govern disk export, and both default open. networkAccessPolicy: AllowAll is the classic export switch, and publicNetworkAccess: Enabled is the newer top-level gate. Nobody sets these; Azure sets them, on every disk, in every template that doesn't say otherwise.

To be precise about the risk: this is not an anonymous open door. Generating an export SAS still requires an authorized principal with the right permissions on the disk. The footgun is what happens after that: the SAS URL itself is a bearer token. It works from any network, for anyone holding it, for its full lifetime — pasted into a ticket, logged by a proxy, or minted by a compromised identity, it turns a network-isolated VM's disk into a public download. Locking the disk to DenyAll (or AllowPrivate behind a disk-access private endpoint) removes that path entirely, and almost no workload actually needs public export.

What it costs / blast radius

The direct cost is zero; this is pure exposure, not spend. The blast radius is the entire disk image: a mounted database's files, SSH host keys, machine certificates, application configs with embedded secrets, and whatever the OS has cached. Disk exfiltration bypasses every control that lives inside the VM — EDR, OS audit logs, login alerts see nothing, because nothing ever touches the running machine. For a defense-in-depth control that costs nothing to enable, the asymmetry is hard to argue with. (Authored assessment of Azure behavior.)

See it

Footgun: the Azure defaults — export SAS works from any network
resource dataDisk 'Microsoft.Compute/disks@2024-03-02' = {
  name: 'sql-prod-data'
  location: location
  sku: { name: 'Premium_LRS' }
  properties: {
    creationData: { createOption: 'Empty' }
    diskSizeGB: 1024
    // Both are the defaults even when omitted:
    networkAccessPolicy: 'AllowAll'
    publicNetworkAccess: 'Enabled'
  }
}
Fix: deny export outright, or restrict it to a private endpoint
resource dataDisk 'Microsoft.Compute/disks@2024-03-02' = {
  name: 'sql-prod-data'
  location: location
  sku: { name: 'Premium_LRS' }
  properties: {
    creationData: { createOption: 'Empty' }
    diskSizeGB: 1024
    networkAccessPolicy: 'DenyAll'   // or 'AllowPrivate' + diskAccessId
    publicNetworkAccess: 'Disabled'
  }
}

How StratoLens helps

StratoLens flags every disk that is still export-open on either property, automatically and continuously, across every subscription in your tenant. The defaults never get a chance to accumulate unnoticed, so closing the gap is a five-minute fix instead of an archaeology project.

Start Your 28-Day Free Trial

Every feature unlocked. Deploys to your Azure tenant. No data leaves your tenant.

Available now on the Azure Marketplace.

Not ready to install anything? Browse the Azure Footguns Database: 55+ documented ways Azure quietly costs money or creates risk.

Request a demo

StratoLens catches the cost waste, access risk, and config drift across your whole Azure estate, from inside your own tenant, so your data never leaves it.