Azure-StorageAccounts-Storage-Accounts-HTTPS

Owned by naveen

Last updated: Dec 09, 2021

1 min read

Severity : High

Description: This control ensures that `Secure transfer required' is enabled to enforce storage account access only over encrypted channel. The option to use HTTPS for secure transfer option enhances the security of storage account by only allowing requests to the storage account by a secure connection. Any requests using HTTP will be rejected when 'secure transfer required' is enabled.

Remediation Steps:

Perform following to update in transit encryption:

Login to Azure Portal using https://portal.azure.com.
For each storage account, go to Configuration.
Set Secure transfer required to Enabled.

Important:

Azure storage doesn't support HTTPS for custom domain names, this option is not applied when using a custom domain name

Reference:

CIS Microsoft Azure Foundations Benchmark v1.3.0 - 02-01-2021 : Recommendation #3.1
https://docs.microsoft.com/en-us/azure/storage/storage-security-guide#encryption-in-transit
https://docs.microsoft.com/en-us/cli/azure/storage/account?view=azure-cli-latest#az_storage_account_list

https://docs.microsoft.com/en-us/cli/azure/storage/account?view=azure-cli-latest#az_storage_account_update

Blue Hexagon Proprietary