Description:
The Secure Transfer Required setting in Azure Storage Accounts ensures that all connections use secure protocols like HTTPS instead of HTTP. When this setting is enabled, every request to the storage account must use TLS encryption, which protects data from being intercepted or modified during transfer.
Rationale:
Enabling Secure Transfer Required ensures that all data sent to and from the storage account is encrypted in transit. This prevents attackers from intercepting or altering the data over unsecured connections like HTTP. Forcing HTTPS helps protect sensitive information and supports compliance with security standards such as SOC 2, HIPAA, and GDPR, all of which require encrypted communication.
Impact:
Enabling Secure Transfer Required ensures all data sent to or from the storage account is encrypted, improving security and protecting sensitive information. However, older applications or services that do not support HTTPS will no longer be able to connect. You must make sure all clients and systems accessing the storage account can use HTTPS.
Default Value:
By default, Azure Storage Accounts have Secure transfer required set to Disabled, which means HTTP (unencrypted) access is allowed unless the setting is manually enabled.
Pre-requisites:
You must have an Azure Storage Account already created.
You need the Owner, Contributor, or Storage Account Contributor role to change the configuration.
Test Plan:
Sign in to the Azure portal at https://portal.azure.com.
In the portal, search for Storage Accounts and open the required storage account.
In the left-hand menu, under Settings, select Configuration.
In the Configuration page, verify whether “Secure transfer required” is enabled.
If it is not enabled, follow the Implementation Steps.
Implementation Steps:
Sign in to the Azure portal at https://portal.azure.com.
In the portal, search for Storage Accounts and open the required storage account.
In the left-hand menu, under Settings, select Configuration.
In the Configuration page, enable the “Secure transfer required” option.
Click Save.
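The Test Plan and Implementation Steps above check one account at a time in the portal. The added example below is not part of the original guide; it extends the same check to every account in a subscription by auditing the JSON from `az storage account list -o json` and building the matching Azure CLI remediation command for each finding. It assumes the CLI's `enableHttpsTrafficOnly` output field and `--https-only` flag, and the account and resource group names are constructed sample data.

```python
import json
import shlex

# Constructed sample in the shape of `az storage account list -o json`,
# trimmed to the fields used here. Names and resource groups are made up.
SAMPLE = json.loads("""
[
  {"name": "stlegacyapp01", "resourceGroup": "rg-legacy", "enableHttpsTrafficOnly": false},
  {"name": "stprodlogs01",  "resourceGroup": "rg-prod",   "enableHttpsTrafficOnly": true},
  {"name": "stunknown01",   "resourceGroup": "rg-test"}
]
""")


def audit(accounts):
    """Return the accounts that do not enforce secure transfer.

    Only an explicit True passes. A false, null or missing value is
    reported, so a gap in the exported data is never read as compliant.
    """
    return [a for a in accounts if a.get("enableHttpsTrafficOnly") is not True]


def remediation_commands(findings):
    """Build the CLI equivalent of the portal Implementation Steps."""
    return [
        "az storage account update --name {} --resource-group {} --https-only true".format(
            shlex.quote(a["name"]), shlex.quote(a["resourceGroup"])
        )
        for a in findings
    ]


if __name__ == "__main__":
    findings = audit(SAMPLE)
    for account in findings:
        # Print the raw value so "false" and "missing" can be told apart.
        print("NON-COMPLIANT", account["name"], account.get("enableHttpsTrafficOnly"))
    for command in remediation_commands(findings):
        print(command)
```

Review the generated commands against the Impact section before running them, since any client still using HTTP will lose access once the setting is enabled.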
Backout Plan:
Sign in to the Azure portal at https://portal.azure.com.
In the portal, search for Storage Accounts and open the required storage account.
In the left-hand menu, under Settings, select Configuration.
In the Configuration page, set “Secure transfer required” to Disabled.
Click Save to apply the change.
References:
https://learn.microsoft.com/azure/storage/common/storage-require-secure-transfer
https://learn.microsoft.com/azure/storage/common/storage-security-guide


