Description
By allowing access to all Ports (* or 0-65535) over the internet you are potentially allowing attackers or malicious users to attempt brute force techniques to gain access to servers, data, and information systems.
Remediation
Azure Portal
- Go to Azure Portal
- Select Network Security Groups under resources
- Go to Security Group (or all groups one at a time)
- Under Settings->Inbound Security Rules
- On the right-hand pane, review the list of security rules
- Remove or update any inbound rule where incoming / ingress traffic is allowed from port * or 0-65535
Additional documents
https://docs.microsoft.com/en-us/azure/virtual-network/network-security-groups-overview