
Ensure admin user is disabled for Azure Container Registry

containerregistry_admin_user_disabled

Severity: high
by Prowler

Ensure that the admin user is disabled and Role-Based Access Control (RBAC) is used instead, since the admin user could grant unrestricted access to the registry.

Risk

If the admin user is enabled, it may lead to unauthorized access to the container registry and its resources, which could compromise the confidentiality, integrity, and availability of the images stored within.

Run this check with Prowler CLI

prowler azure --checks containerregistry_admin_user_disabled

Recommendation

Disable the admin user on Azure Container Registry through the Azure Portal:

1. Navigate to your Container Registry.
2. In the settings, select 'Access keys'.
3. Ensure the 'Admin user' checkbox is not ticked.

For all actions relying on registry access, switch to using Role-Based Access Control.

Remediation

CLI

az acr update --name <RegistryName> --resource-group <ResourceGroupName> --admin-enabled false
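
To apply this remediation across a whole subscription, the following added example (not part of the Prowler check or its source) classifies each registry by its `adminUserEnabled` value and prints the `az acr update` command for every registry that fails. The sample rows and their registry and resource group names are constructed, and the input format assumes the `az acr list` query shown in the first comment.

```sh
#!/bin/sh
# Added example, not Prowler code. Input on stdin, one registry per line:
#   <name><TAB><resourceGroup><TAB><true|false|null>
# Live input (assumes a logged-in Azure CLI):
#   az acr list -o tsv \
#     --query "[].[name, resourceGroup, to_string(adminUserEnabled)]"

TAB=$(printf '\t')

# Prints one finding per registry; returns 1 if any registry is not a clear PASS.
audit_acr_admin() {
  failed=0
  while IFS="$TAB" read -r name rg admin; do
    if [ -z "$name" ]; then continue; fi
    case "$admin" in
      false)
        printf 'PASS\t%s\t%s\n' "$name" "$rg" ;;
      true)
        failed=1
        printf 'FAIL\t%s\t%s\n' "$name" "$rg"
        # Remediation command from the page, printed for review, not executed.
        printf '  az acr update --name "%s" --resource-group "%s" --admin-enabled false\n' \
          "$name" "$rg" ;;
      *)
        # Missing or unexpected value: never report it as compliant.
        failed=1
        printf 'UNKNOWN\t%s\t%s\n' "$name" "$rg" ;;
    esac
  done
  return "$failed"
}

# Constructed sample rows; registry and resource group names are made up.
sample_rows() {
  printf 'prodregistry\trg-prod\tfalse\n'
  printf 'devregistry\trg-dev\ttrue\n'
  printf 'legacyregistry\trg-old\tnull\n'
}

sample_rows | audit_acr_admin || echo "At least one registry needs attention."
```

The non-zero return status lets a CI job fail when any registry still has the admin user enabled or reports an unexpected value.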

Other

The transition away from using the admin user to RBAC will facilitate a more secure and manageable access model, minimizing the potential risk of unauthorized access to your container images.

Resource Type

ContainerRegistry
