last sync: 2024-Jul-26 18:17:39 UTC

Storage accounts should have the specified minimum TLS version

Azure BuiltIn Policy definition

Source: Azure Portal
Display name: Storage accounts should have the specified minimum TLS version
Id: fe83a0eb-a853-422d-aac2-1bffd182c5d0
Version: 1.0.0
Category: Storage
Description: Configure a minimum TLS version for secure communication between the client application and the storage account. To minimize security risk, the recommended minimum TLS version is the latest released version, which is currently TLS 1.2.
Mode: Indexed
Type: BuiltIn
Preview: False
Deprecated: False
Effect (default): Audit
Effect (allowed): Audit, Deny, Disabled
RBAC role(s): none
Rule aliases IF (1)
Alias Namespace ResourceType Path PathIsDefault DefaultPath Modifiable
Microsoft.Storage/storageAccounts/minimumTlsVersion Microsoft.Storage storageAccounts properties.minimumTlsVersion True True
Rule resource types IF (1)
Microsoft.Storage/storageAccounts
Compliance
The following 2 compliance controls are associated with this Policy definition 'Storage accounts should have the specified minimum TLS version' (fe83a0eb-a853-422d-aac2-1bffd182c5d0)
Control Domain Control Name MetadataId Category Title Owner Requirements Description Info Policy#
ACAT_Security_Policies ACAT_Security_Policies ACAT Security Policies Guidelines for M365 Certification Protecting systems and resources Shared n/a Ensures that apps have strong security and compliance practices in place to protect customer data, security, and privacy. link 16
CIS_Azure_2.0.0 3.15 CIS_Azure_2.0.0_3.15 CIS Microsoft Azure Foundations Benchmark recommendation 3.15 3 Ensure the "Minimum TLS version" for storage accounts is set to "Version 1.2" Shared When set to TLS 1.2 all requests must leverage this version of the protocol. Applications leveraging legacy versions of the protocol will fail. In some cases, Azure Storage sets the minimum TLS version to be version 1.0 by default. TLS 1.0 is a legacy version and has known vulnerabilities. This minimum TLS version can be configured to be later protocols such as TLS 1.2. TLS 1.0 has known vulnerabilities and has been replaced by later versions of the TLS protocol. Continued use of this legacy protocol affects the security of data in transit. link 4
Initiatives usage
Initiative DisplayName | Initiative Id | Initiative Category | State | Type
[Preview]: Control the use of Storage Accounts in a Virtual Enclave | ca122c06-05f6-4423-9018-ccb523168eb2 | VirtualEnclaves | Preview | BuiltIn
ACAT for Microsoft 365 Certification | 80307b86-ab81-45ab-bf4f-4e0b93cf3dd5 | Regulatory Compliance | GA | BuiltIn
CIS Microsoft Azure Foundations Benchmark v2.0.0 | 06f19060-9e68-4070-92ca-f15cc126059e | Regulatory Compliance | GA | BuiltIn
Deny or Deploy and append TLS requirements and SSL enforcement on resources without Encryption in transit | Enforce-EncryptTransit_20240509 | Encryption | GA | ALZ
History
Date/Time (UTC ymd) Change type Change detail
2022-04-22 19:50:54 add fe83a0eb-a853-422d-aac2-1bffd182c5d0