Description:
Setting the minimum TLS version to TLS 1.2 ensures that all connections to the storage account use a strong, modern encryption protocol. Older versions like TLS 1.0 and 1.1 are less secure and should be disabled.
Rationale:
TLS 1.2 provides stronger protection against attacks and vulnerabilities found in older protocol versions. Forcing the use of TLS 1.2 ensures secure communication between clients and the storage account, protecting sensitive data in transit.
Impact:
Older applications, scripts, or services that only support TLS 1.0 or 1.1 will no longer be able to connect. These clients must be updated to support TLS 1.2 before enabling this setting.
Default Value:
By default, many older storage accounts use TLS 1.0.
Newer storage accounts default to TLS 1.2.
Pre-requisites:
You must have Owner, Contributor, or Storage Account Contributor permissions.
Applications accessing the account must support TLS 1.2.
Test Plan:
Sign in to the Azure portal: https://portal.azure.com
In the portal, search for Storage accounts. Select the storage account to check.
Under Settings, open Configuration.
Locate the Minimum TLS version setting.
Confirm it is set to TLS 1.2.
If it is set to TLS 1.1 or TLS 1.0, then follow the implementation plan.
Implementation Plan:
Open the Azure portal: https://portal.azure.com
In the portal, search for Storage accounts and select your storage account.
Under Settings, open Configuration.
Locate the Minimum TLS version setting.
Set it to TLS 1.2.
Save the changes.
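The Test Plan check and the Implementation Plan change above, applied to every storage account in a subscription rather than one at a time in the portal. This is an added example, not part of the original procedure: it reads JSON in the shape of `az storage account list -o json` output, and the account and resource group names in the sample are constructed.

```python
import json
import re

REQUIRED = (1, 2)  # TLS 1.2, the minimum this control requires

# Constructed sample in the shape of `az storage account list -o json`
# (account and resource group names are made up for this example).
SAMPLE_JSON = """
[
  {"name": "stlegacy001", "resourceGroup": "rg-app", "minimumTlsVersion": null},
  {"name": "stweb002", "resourceGroup": "rg-web", "minimumTlsVersion": "TLS1_0"},
  {"name": "stbatch003", "resourceGroup": "rg-app", "minimumTlsVersion": "TLS1_1"},
  {"name": "stdata004", "resourceGroup": "rg-data", "minimumTlsVersion": "TLS1_2"}
]
"""

def parse_tls(value):
    """Turn 'TLS1_2' into (1, 2). A missing value is treated as TLS 1.0,
    because an account with the property unset accepts TLS 1.0 and later."""
    if value is None:
        return (1, 0)
    m = re.fullmatch(r"TLS(\d+)_(\d+)", value)
    return (int(m.group(1)), int(m.group(2))) if m else None

def audit(accounts):
    """Return one finding per account whose minimum TLS version is below REQUIRED.
    Values that cannot be parsed are reported too, so they get a manual look."""
    findings = []
    for acct in accounts:
        raw = acct.get("minimumTlsVersion")
        version = parse_tls(raw)
        if version is None or version < REQUIRED:
            findings.append({
                "name": acct["name"],
                "resourceGroup": acct["resourceGroup"],
                "current": raw or "unset (TLS 1.0 accepted)",
                # Command-line equivalent of the Implementation Plan steps.
                "fix": ("az storage account update --name {} --resource-group {} "
                        "--min-tls-version TLS1_2").format(acct["name"], acct["resourceGroup"]),
            })
    return findings

if __name__ == "__main__":
    for f in audit(json.loads(SAMPLE_JSON)):
        print("{name} ({resourceGroup}): {current}\n  {fix}".format(**f))
```

To run it against a real subscription, replace `SAMPLE_JSON` with the saved output of `az storage account list -o json`, and apply each printed command only after the Pre-requisites above are confirmed for that account.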
Backout Plan:
Open the Azure portal at https://portal.azure.com.
In the portal, search for the same Storage account, and under Settings, open Configuration.
Change the Minimum TLS version back to the previous value if needed (TLS 1.1 or TLS 1.0).
Click Save to apply the changes.
Reference:
https://learn.microsoft.com/azure/storage/common/transport-layer-security-configure
https://learn.microsoft.com/azure/storage/common/storage-security-overview


