Network ACLs allow you to reduce your exposure to risk by limiting what can access your key vault.
The default action of the Network ACL should be set to deny for when IPs are not matched. Azure services can be allowed to bypass.
Without a network ACL the key vault is freely accessible
Set a network ACL for the key vault
The following example will fail the azure-keyvault-specify-network-acl check.
The following example will pass the azure-keyvault-specify-network-acl check.