Ensure that firewall rules are enabled and configured for Analysis services server

Azure Analysis Services is a fully managed platform as a service (PaaS) that provides enterprise-grade data models in the cloud. Azure Analysis Services Firewall blocks all client connections other than those IP addresses specified in rules. By default, firewall protection is not enabled for new servers. Enabling a firewall and configuring IP address ranges for only those computers accessing your server are an important part of securing your server and data.

Risk Level: High
Cloud Entity: Azure Analysis Services
CloudGuard Rule ID: D9.AZU.NET.31
Covered by Spectral: Yes
Category: Analytics

GSL LOGIC

AnalysisServiceServer should have properties.ipV4FirewallSettings.firewallRules

REMEDIATION

  1. Click on your server to open the Overview page.
  2. In SETTINGS > Firewall > Enable firewall, click On.
  3. To allow DirectQuery access from Power BI service, in Allow access from Power BI, click On.
  4. Click Save.

References
https://docs.microsoft.com/en-us/azure/analysis-services/analysis-services-overview#firewall
https://docs.microsoft.com/en-us/azure/analysis-services/analysis-services-qs-firewall

Azure Analysis Services

Azure Analysis Services is a fully managed platform as a service (PaaS) that provides enterprise-grade data models in the cloud. Use advanced mashup and modeling features to combine data from multiple data sources, define metrics, and secure your data in a single, trusted tabular semantic data model. The data model provides an easier and faster way for users to perform ad hoc data analysis using tools like Power BI and Excel.

Compliance Frameworks

  • AZU PCI-DSS 4.0
  • Azure CloudGuard Best Practices
  • Azure NIST 800-53 Rev 5
  • CloudGuard Azure All Rules Ruleset