Storage Accounts ‘Secure transfer required’ should be enabled

Description

The secure transfer option enhances the security of a storage account by allowing only requests made to the storage account over a secure connection. This control does not apply to custom domain names, since Azure Storage does not support HTTPS for custom domain names.

Remediation Steps

Azure Portal

  • Navigate to Storage Accounts.

  • Select the Storage Account and in the left navigation, select Configuration.

  • In Secure transfer required, select Enabled and click Save.

Azure CLI

  • Enable secure transfer required for your Storage Account:

    • az storage account update -g {ResourceGroupName} -n {StorageAccountName} --https-only true

      {
        "name": "{StorageAccountName}",
        "enableHttpsTrafficOnly": true,
        "type": "Microsoft.Storage/storageAccounts"
        ...
      }

Azure Resource Manager

{
  "properties": {
    "supportsHttpsTrafficOnly": true
  }
}

Example Configuration

{
  "type": "Microsoft.Storage/storageAccounts",
  "apiVersion": "2021-06-01",
  // other required fields here
  "properties": {
    "supportsHttpsTrafficOnly": true
  }
}
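
A static check for the setting above, as an added example that is not part of the original page or of any Azure tooling: it scans an ARM template for storage accounts whose `supportsHttpsTrafficOnly` is not explicitly `true`, including the case where the key is misspelled. The sample template, the resource names, and the choice to require an explicit value are assumptions made for the example.

```python
import json
from difflib import get_close_matches

STORAGE_TYPE = "microsoft.storage/storageaccounts"
PROPERTY = "supportsHttpsTrafficOnly"

# Constructed sample template for illustration; resource names are hypothetical.
SAMPLE_TEMPLATE = """
{
  "resources": [
    {"type": "Microsoft.Storage/storageAccounts", "name": "ok",
     "properties": {"supportsHttpsTrafficOnly": true}},
    {"type": "Microsoft.Storage/storageAccounts", "name": "httpallowed",
     "properties": {"supportsHttpsTrafficOnly": false}},
    {"type": "Microsoft.Storage/storageAccounts", "name": "typo",
     "properties": {"supportHttpsTrafficOnly": true}},
    {"type": "Microsoft.Storage/storageAccounts", "name": "unset",
     "properties": {}},
    {"type": "Microsoft.Network/virtualNetworks", "name": "vnet",
     "properties": {}}
  ]
}
"""

def walk(resources):
    """Yield each resource, descending into nested child resources."""
    for res in resources or []:
        yield res
        yield from walk(res.get("resources"))

def audit_template(text):
    """Return {name: reason} for storage accounts lacking an explicit true."""
    findings = {}
    for res in walk(json.loads(text).get("resources")):
        if res.get("type", "").lower() != STORAGE_TYPE:
            continue  # only storage accounts are in scope for this control
        props = res.get("properties") or {}
        if props.get(PROPERTY) is True:
            continue  # compliant: exact key, boolean true
        near = get_close_matches(PROPERTY, list(props), n=1, cutoff=0.8)
        if PROPERTY in props:
            reason = f"{PROPERTY} is {props[PROPERTY]!r}, expected true"
        elif near:
            reason = f"misspelled key {near[0]!r}"
        else:
            reason = f"{PROPERTY} not set"
        findings[res.get("name", "<unnamed>")] = reason
    return findings

if __name__ == "__main__":
    for name, reason in audit_template(SAMPLE_TEMPLATE).items():
        print(f"{name}: {reason}")
```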

Terraform

Example Configuration

resource "azurerm_storage_account" "example" {
  enable_https_traffic_only = true

  # other required fields here
}