Jorge Bernhardt

How to configure your Azure storage account to use TLS version 1.2

By default, Azure Storage accounts allow clients to send and receive data with the oldest version of TLS (1.0). If you want to apply stricter security measures to your storage account, this article may be of interest to you. In this post, I will show you how to configure your storage account to require clients to send and receive data with the latest version of TLS using PowerShell and Azure CLI.

Prerequisites

  • This tutorial assumes that you already have a Microsoft Azure account configured.
  • You can use an existing Storage Account, or you can create a new one. If you want to know how to create a Storage Account using PowerShell, check out this link.

Azure PowerShell Workaround

Important: To configure the minimum TLS version for a storage account with PowerShell, install Azure PowerShell version 4.4.0 or later. If you want to know how to install the PowerShell Azure module on your machine, check out this link. The simplest way to get started is to sign in interactively at the command line.

Connect-AzAccount

This cmdlet will bring up a dialog box prompting you for your email address and password associated with your Azure account. If you have more than one subscription associated with your mail account, you can choose the default subscription. To perform this task, we will use the following commands:

Get-AzSubscription
Select-AzSubscription -Subscription "My Subscription"

Once you set your default subscription, you’re ready to start.

Set the variables

Here, we define the characteristics of our environment and the resource’s properties.

$resourceGroupName = "RG-DEMO-WE"
$stoAccountName = "stoaccountps"

Get the value of MinimumTlsVersion property

To get the current value of the MinimumTlsVersion property, you should use the Get-AzStorageAccount cmdlet with the following syntax.

(Get-AzStorageAccount -Name $stoAccountName -ResourceGroupName $resourceGroupName).MinimumTlsVersion

Set the MinimumTlsVersion version for the storage account to TLS 1.2

To set the value of the MinimumTlsVersion property, you should use the Set-AzStorageAccount cmdlet with the following syntax. This parameter supports the following values: TLS1_0, TLS1_1, TLS1_2.

Set-AzStorageAccount `
    -AccountName $stoAccountName `
    -ResourceGroupName $resourceGroupName `
    -MinimumTlsVersion TLS1_2

Verify the value of MinimumTlsVersion property

Finally, to verify that the change has been made correctly, you should use the following command.

(Get-AzStorageAccount -Name $stoAccountName -ResourceGroupName $resourceGroupName).MinimumTlsVersion

Azure CLI Workaround

In this case, we will use Azure Cloud Shell, a browser-based shell built into Azure Portal. This allows us to use the Azure command-line tools (Azure CLI and Azure PowerShell) directly from a browser. If you want to know more about Azure Cloud Shell, check out this link. First, we define the characteristics of our environment and store the values in variables.

resourceGroupName="RG-DEMO-NE"
stoAccountName="stoaccountcli"

Get the value of MinimumTlsVersion property

To get the current value of the MinimumTlsVersion property, you should use the following command.

az resource show \
--name $stoAccountName \
--resource-group $resourceGroupName \
--resource-type Microsoft.Storage/storageAccounts \
--query properties.minimumTlsVersion \
--output tsv

Set the MinimumTlsVersion version for the storage account to TLS 1.2

To set the value of the MinimumTlsVersion property, you should use the following command. This property supports the following values: TLS1_0, TLS1_1, TLS1_2.

az storage account update \
--name $stoAccountName \
--resource-group $resourceGroupName \
--min-tls-version TLS1_2

Verify the value of MinimumTlsVersion property

Finally, to verify that the change has been made correctly, you should use the following command.

az resource show \
--name $stoAccountName \
--resource-group $resourceGroupName \
--resource-type Microsoft.Storage/storageAccounts \
--query properties.minimumTlsVersion \
--output tsv
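
The check above covers one account. As an added example (not part of the original post), the following script extends it to every storage account in the current subscription and reports those that still permit TLS below 1.2. The function names and the sample accounts stolegacy01 and stounset02 are hypothetical; it assumes az storage account list exposes minimumTlsVersion and that tsv output renders an unset property as None.

```shell
#!/bin/sh
# Added example (not from the original post): report storage accounts whose
# minimumTlsVersion still permits TLS below 1.2.

TAB=$(printf '\t')

# Map a reported minimumTlsVersion to a verdict. An empty value or "None"
# means the property was never set; this example treats that as weak
# (assumption, based on the post's statement that the default allows TLS 1.0).
classify_tls() {
  case "$1" in
    TLS1_2)        echo compliant ;;
    TLS1_0|TLS1_1) echo weak ;;
    ""|None)       echo weak ;;
    *)             echo unknown ;;  # value not listed in the post; review by hand
  esac
}

# Read "name<TAB>resourceGroup<TAB>minimumTlsVersion" rows on stdin and print
# only the non-compliant rows, prefixed with the verdict.
report_noncompliant() {
  while IFS="$TAB" read -r name rg tls; do
    [ -n "$name" ] || continue
    verdict=$(classify_tls "$tls")
    [ "$verdict" = compliant ] ||
      printf '%s\t%s\t%s\t%s\n' "$verdict" "$name" "$rg" "${tls:-unset}"
  done
}

# Live audit; needs a signed-in Azure CLI session. Not called by the demo below.
audit_subscription() {
  az storage account list \
    --query "[].[name, resourceGroup, minimumTlsVersion]" \
    --output tsv | report_noncompliant
}

# Constructed sample rows so the logic runs offline.
sample_rows() {
  printf 'stoaccountcli\tRG-DEMO-NE\tTLS1_2\n'
  printf 'stolegacy01\tRG-DEMO-NE\tTLS1_0\n'
  printf 'stounset02\tRG-DEMO-WE\tNone\n'
}

sample_rows | report_noncompliant
```

Call audit_subscription in Cloud Shell to run the same report against live data, then apply the update command shown earlier to each account it lists.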

Thanks for reading my post. I hope you find it useful.

If you want to know more about Security recommendations for Azure storage accounts, check out this link.