Severity : High
Description:
...
This control ensures that `Secure transfer required' is enabled to enforce storage account access only over encrypted channel. The option to use HTTPS for secure transfer option enhances the security of storage account by only allowing requests to the storage account by a secure connection. Any requests using HTTP will be rejected when 'secure transfer required' is enabled.
Remediation Steps:
Perform following to update parameters:
Login to Azure Portal using https://portal.azure.com.
For each storage account, go to Configuration.
Set Secure transfer required to Enabled.
Important:
Azure storage doesn't support HTTPS for custom domain names, this option is not applied when using a custom domain name
Reference:
CIS Microsoft Azure Foundations Benchmark v1.3.0 - 02-01-2021 : Recommendation #3.1
https://docs.microsoft.com/en-us/azure/storage/storage-security-guide#encryption-in-transit