Storage Accounts ‘Secure transfer required’ should be enabled

Description

The secure transfer option enhances the security of a storage account by only allowing requests to the storage account by a secure connection. This control does not apply for custom domain names since Azure storage does not support HTTPS for custom domain names.

Console Remediation Steps

  • Navigate to Storage Accounts.

  • Select the Storage Account and in the left navigation, select Configuration.

  • In Secure transfer required, select Enabled and click Save.

CLI Remediation Steps

  • Enable secure transfer required for your Storage Account:

    • az storage account update -g {ResourceGroupName} -n {StorageAccountName} --https-only true { "name": "{StorageAccountName}", "enableHttpsTrafficOnly": true, "type": "Microsoft.Storage/storageAccounts" ... }