By default, Azure Storage accounts allow clients to send and receive data with the oldest version of TLS (1.0). If you want to apply stricter security measures to your storage account, this article could be of interest to you. In this post, I will show you how you can configure your storage account to require customers to send and receive data with the latest version of TLS using PowerShell and Azure CLI.

Prerequisites

  • This tutorial assumes that you already have a Microsoft Azure account configured.
  • You can use an existing Storage Account, or you can create a new one. If you want to know how to create a Storage Account using PowerShell, check out this link.

Azure PowerShell Workaround

Important: To configure the minimum TLS version for a storage account with PowerShell, install Azure PowerShell version 4.4.0 or later. If you want to know how to install the PowerShell Azure module on your machine, check out this link.

The simplest way to get started is to sign in interactively at the command line.

This cmdlet will bring up a dialog box prompting you for your email address and password associated with your Azure account.
If you have more than one subscription associated with your mail account, you can choose the default subscription. To perform this task, we will use the following commands:

Once you set your default subscription, you’re ready to start.

Set the variables

Here, we define the characteristics of our environment and the resource’s properties.

Get the value of MinimumTlsVersion property

To get the current value of the MinimumTlsVersion property, you should use the Get-AzStorageAccount cmdlet with the following syntax.

Get-AzStorageAccount

Set the MinimumTlsVersion version for the storage account to TLS 1.2

To set the value of the MinimumTlsVersion property, you should use the Set-AzStorageAccount cmdlet with the following syntax. This parameter supports the following values: TLS1_0, TLS1_1, TLS1_2.

Set-AzStorageAccount

Verify the value of MinimumTlsVersion property

Finally, to verify that the change has been made correctly, you should use the following command.

Azure TLS

Azure CLI Workaround

In this case, we will use Azure Cloud Shell, a browser-based shell built into Azure Portal. This allows us to use the Azure command-line tools (Azure CLI and Azure PowerShell) directly from a browser. If you want to know more about Azure Cloud Shell, check out this link.

First, we define the characteristics of our environment and store the values in variables.

Get the value of MinimumTlsVersion property

To get the current value of the MinimumTlsVersion property, you should use the following command.

Azure TLS

Set the MinimumTlsVersion version for the storage account to TLS 1.2

To set the value of the MinimumTlsVersion property, you should the following command. This property supports the following values: TLS1_0, TLS1_1, TLS1_2.

Azure TLS

Verify the value of MinimumTlsVersion property

Finally, to verify that the change has been made correctly, you should use the following command.

Thanks for reading my post. I hope you find it useful.

If you want to know more about Security recommendations for Azure storage accounts, check out this link: https://docs.microsoft.com/en-us/azure/storage/blobs/security-recommendations