last sync: 2025-Feb-18 18:37:08 UTC

Storage accounts should have the specified minimum TLS version

Azure BuiltIn Policy definition

Source Azure Portal
Display name Storage accounts should have the specified minimum TLS version
Id fe83a0eb-a853-422d-aac2-1bffd182c5d0
Version 1.0.0
Details on versioning
Versioning Versions supported for Versioning: 1
1.0.0
Built-in Versioning [Preview]
Category Storage
Microsoft Learn
Description Configure a minimum TLS version for secure communication between the client application and the storage account. To minimize security risk, the recommended minimum TLS version is the latest released version, which is currently TLS 1.2.
Cloud environments AzureCloud = true
AzureUSGovernment = true
AzureChinaCloud = unknown
Available in AzUSGov The Policy is available in AzureUSGovernment cloud. Version: '1.*.*'
Mode Indexed
Type BuiltIn
Preview False
Deprecated False
Effect Default
Audit
Allowed
Audit, Deny, Disabled
RBAC role(s) none
Rule aliases IF (1)
Alias Namespace ResourceType Path PathIsDefault DefaultPath Modifiable
Microsoft.Storage/storageAccounts/minimumTlsVersion Microsoft.Storage storageAccounts properties.minimumTlsVersion True True
Rule resource types IF (1)
Microsoft.Storage/storageAccounts
Compliance
The following 10 compliance controls are associated with this Policy definition 'Storage accounts should have the specified minimum TLS version' (fe83a0eb-a853-422d-aac2-1bffd182c5d0)
Control Domain Control Name MetadataId Category Title Owner Requirements Description Info Policy#
ACAT_Security_Policies ACAT_Security_Policies ACAT Security Policies Guidelines for M365 Certification Protecting systems and resources Shared n/a Ensures that apps have strong security and compliance practices in place to protect customer data, security, and privacy. link 16
CIS_Azure_2.0.0 3.15 CIS_Azure_2.0.0_3.15 CIS Microsoft Azure Foundations Benchmark recommendation 3.15 3 Ensure the "Minimum TLS version" for storage accounts is set to "Version 1.2" Shared When set to TLS 1.2 all requests must leverage this version of the protocol. Applications leveraging legacy versions of the protocol will fail. In some cases, Azure Storage sets the minimum TLS version to be version 1.0 by default. TLS 1.0 is a legacy version and has known vulnerabilities. This minimum TLS version can be configured to be later protocols such as TLS 1.2. TLS 1.0 has known vulnerabilities and has been replaced by later versions of the TLS protocol. Continued use of this legacy protocol affects the security of data in transit. link 4
CIS_Azure_Foundations_v2.1.0 3.15 CIS_Azure_Foundations_v2.1.0_3.15 CIS Azure Foundations v2.1.0 3.15 Storage Accounts Ensure the "Minimum TLS version" for storage accounts is set to "Version 1.2" Shared n/a In some cases, Azure Storage sets the minimum TLS version to be version 1.0 by default. TLS 1.0 is a legacy version and has known vulnerabilities. This minimum TLS version can be configured to be later protocols such as TLS 1.2. 1
CIS_Controls_v8.1 3.10 CIS_Controls_v8.1_3.10 404 not found n/a n/a 8
CIS_Controls_v8.1 4.1 CIS_Controls_v8.1_4.1 CIS Controls v8.1 4.1 Secure Configuration of Enterprise Assets and Software Establish and maintain a secure configuration process. Shared 1. Establish and maintain a secure configuration process for enterprise assets (end-user devices, including portable and mobile; non-computing/IoT devices; and servers) and software (operating systems and applications). 2. Review and update documentation annually, or when significant enterprise changes occur that could impact this safeguard. To ensure data integrity and safety of enterprise assets. 44
EU_GDPR_2016_679_Art. 24 EU_GDPR_2016_679_Art._24 EU General Data Protection Regulation (GDPR) 2016/679 Art. 24 Chapter 4 - Controller and processor Responsibility of the controller Shared n/a n/a 311
EU_GDPR_2016_679_Art. 25 EU_GDPR_2016_679_Art._25 EU General Data Protection Regulation (GDPR) 2016/679 Art. 25 Chapter 4 - Controller and processor Data protection by design and by default Shared n/a n/a 311
EU_GDPR_2016_679_Art. 28 EU_GDPR_2016_679_Art._28 EU General Data Protection Regulation (GDPR) 2016/679 Art. 28 Chapter 4 - Controller and processor Processor Shared n/a n/a 311
EU_GDPR_2016_679_Art. 32 EU_GDPR_2016_679_Art._32 EU General Data Protection Regulation (GDPR) 2016/679 Art. 32 Chapter 4 - Controller and processor Security of processing Shared n/a n/a 311
New_Zealand_ISM 17.4.16.C.01 New_Zealand_ISM_17.4.16.C.01 New_Zealand_ISM_17.4.16.C.01 17. Cryptography 17.4.16.C.01 Using TLS n/a Agencies SHOULD use the current version of TLS (version 1.3). 5
Initiatives usage
Initiative DisplayName Initiative Id Initiative Category State Type polSet in AzUSGov
[Deprecated]: Deny or Deploy and append TLS requirements and SSL enforcement on resources without Encryption in transit Enforce-EncryptTransit_20240509 Encryption Deprecated ALZ
[Preview]: Control the use of Storage Accounts in a Virtual Enclave ca122c06-05f6-4423-9018-ccb523168eb2 VirtualEnclaves Preview BuiltIn true
ACAT for Microsoft 365 Certification 80307b86-ab81-45ab-bf4f-4e0b93cf3dd5 Regulatory Compliance GA BuiltIn unknown
CIS Azure Foundations v2.1.0 fe7782e4-6ff3-4e39-8d8a-64b6f7b82c85 Regulatory Compliance GA BuiltIn unknown
CIS Controls v8.1 046796ef-e8a7-4398-bbe9-cce970b1a3ae Regulatory Compliance GA BuiltIn unknown
CIS Microsoft Azure Foundations Benchmark v2.0.0 06f19060-9e68-4070-92ca-f15cc126059e Regulatory Compliance GA BuiltIn unknown
Deny or Deploy and append TLS requirements and SSL enforcement on resources without Encryption in transit Enforce-EncryptTransit_20241211 Encryption GA ALZ
EU General Data Protection Regulation (GDPR) 2016/679 7326812a-86a4-40c8-af7c-8945de9c4913 Regulatory Compliance GA BuiltIn unknown
New Zealand ISM 4f5b1359-4f8e-4d7c-9733-ea47fcde891e Regulatory Compliance GA BuiltIn unknown
History
Date/Time (UTC ymd) (i) Change type Change detail
2022-04-22 19:50:54 add fe83a0eb-a853-422d-aac2-1bffd182c5d0
JSON compare n/a
JSON
api-version=2021-06-01
EPAC