last sync: 2023-Jun-01 17:45:04 UTC

Azure Landing Zones (ALZ) Policy definition

Azure Storage deploy a specific min TLS version requirement and enforce SSL/HTTPS

Name Azure Storage deploy a specific min TLS version requirement and enforce SSL/HTTPS
Azure Landing Zones (ALZ) GitHub
JSON Deploy-Storage-sslEnforcement
Id Deploy-Storage-sslEnforcement
Version 1.1.0
details on versioning
Category Storage
Microsoft docs
Description Deploy a specific min TLS version requirement and enforce SSL on Azure Storage. Enables secure server to client by enforce minimal Tls Version to secure the connection between your database server and your client applications helps protect against 'man in the middle' attacks by encrypting the data stream between the server and your application. This configuration enforces that SSL is always enabled for accessing your Azure Storage.
Mode Indexed
Type Custom Azure Landing Zones (ALZ)
Preview FALSE
Deprecated FALSE
Effect Default
DeployIfNotExists
Allowed
DeployIfNotExists, Disabled
Used RBAC Role
Role Name Role Id
Owner 8e3af657-a8ff-443c-a75c-2fe8c4bcb635
Rule Aliases IF (2)
Alias Namespace ResourceType DefaultPath Modifiable
Microsoft.Storage/storageAccounts/minimumTlsVersion Microsoft.Storage storageAccounts properties.minimumTlsVersion true
Microsoft.Storage/storageAccounts/supportsHttpsTrafficOnly Microsoft.Storage storageAccounts properties.supportsHttpsTrafficOnly true
THEN-ExistenceCondition (2)
Alias Namespace ResourceType DefaultPath Modifiable
Microsoft.Storage/storageAccounts/minimumTlsVersion Microsoft.Storage storageAccounts properties.minimumTlsVersion true
Microsoft.Storage/storageAccounts/supportsHttpsTrafficOnly Microsoft.Storage storageAccounts properties.supportsHttpsTrafficOnly true
Rule ResourceTypes IF (1)
Microsoft.Storage/storageAccounts
THEN-Deployment (1)
Microsoft.Storage/storageAccounts
History none
Used in Initiatives
Initiative DisplayName Initiative Id Initiative Category State
Deny or Deploy and append TLS requirements and SSL enforcement on resources without Encryption in transit Enforce-EncryptTransit Encryption GA
JSON