Description
In some cases, Azure Storage sets the minimum TLS version to be version 1.0 by default. TLS 1.0 is a legacy version and has known vulnerabilities. This minimum TLS version can be configured to be later protocols such as TLS 1.2.
Rationaleβ
TLS 1.0 has known vulnerabilities and has been replaced by later versions of the TLS protocol. Continued use of this legacy protocol affects the security of data in transit.
Impactβ
When set to TLS 1.2 all requests must leverage this version of the protocol. Applications leveraging legacy versions of the protocol will fail.
Auditβ
This policy flags an Azure Storage Account as INCOMPLIANT if its Minimum TLS Version is not set to TLS1_2.
Default Valueβ
If a storage account is created through the portal, the MinimumTlsVersion property for that storage account will be set to TLS 1.2.
If a storage account is created through PowerShell or CLI, the MinimumTlsVersion property for that storage account will not be set, and defaults to TLS 1.0.