Skip to end of banner Go to start of banner

Azure-StorageAccounts-Storage-Accounts-HTTPS

Skip to end of metadata

Created by naveen, last modified on Dec 09, 2021

Go to start of metadata

You are viewing an old version of this page. View the current version.

Compare with Current View Page History

Severity : High

Description: This control ensures that `Secure transfer required' is enabled to enforce storage account access only over encrypted channel. The option to use HTTPS for secure transfer option enhances the security of storage account by only allowing requests to the storage account by a secure connection. Any requests using HTTP will be rejected when 'secure transfer required' is enabled.

Remediation Steps:

Perform following to update parameters:

Login to Azure Portal using https://portal.azure.com.
For each storage account, go to Configuration.
Set Secure transfer required to Enabled.

Important:

Azure storage doesn't support HTTPS for custom domain names, this option is not applied when using a custom domain name

Reference:

CIS Microsoft Azure Foundations Benchmark v1.3.0 - 02-01-2021 : Recommendation #3.1
https://docs.microsoft.com/en-us/azure/storage/storage-security-guide#encryption-in-transit
https://docs.microsoft.com/en-us/cli/azure/storage/account?view=azure-cli-latest#az_storage_account_list

https://docs.microsoft.com/en-us/cli/azure/storage/account?view=azure-cli-latest#az_storage_account_update

No labels

Blue Hexagon Proprietary