HIGH
Source: CloudSploit
ID: storage-accounts-https

Storage Accounts HTTPS

Ensures HTTPS-only traffic is allowed to storage account endpoints

Storage Accounts can contain sensitive information and should only be accessed over HTTPS. Enabling the HTTPS-only flag ensures that Azure does not allow HTTP traffic to Storage Accounts.

Follow the appropriate remediation steps below to resolve the issue.

  1. Log in to the Microsoft Azure Management Console.

  2. Select the “Search resources, services, and docs” option at the top and search for Storage account.

  3. Select the “Storage account” by clicking on the “Name” link to access its configuration.

  4. Scroll down the selected “Storage account” navigation panel and, under “Settings”, click on “Configurations”.

  5. On the “Configurations” page, scroll down and check whether “Secure transfer required” is set to Disabled or Enabled. If it’s set to “Disabled”, HTTPS-only traffic is not enforced for the storage account endpoints.

  6. Repeat steps 2 - 5 to check other Storage accounts.

  7. Navigate to “Storage accounts”, select the “Storage account” that needs HTTPS enabled by clicking on its “Name”, then select “Configurations” under “Settings”.

  8. On the “Configurations” page, click on the radio button next to Enabled under “Secure transfer required”.

  9. Click on the “Save” option at the top to make the changes.

  10. Repeat steps 7 - 9 to enable the HTTPS-only option for all Storage Accounts.
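
The portal check and fix above can be run across every account at once; the following is an added example, not CloudSploit's own code. It assumes the JSON produced by `az storage account list -o json`, where the "Secure transfer required" setting appears as `enableHttpsTrafficOnly`; the account and resource group names in the sample are constructed.

```python
"""Audit `az storage account list -o json` output for "Secure transfer required"."""
import json
import shlex
import sys

# Constructed sample of Azure CLI output (names and groups are made up).
SAMPLE = """[
  {"name": "contosologs",  "resourceGroup": "rg-ops",    "enableHttpsTrafficOnly": true},
  {"name": "legacyshare",  "resourceGroup": "rg-old",    "enableHttpsTrafficOnly": false},
  {"name": "importedacct", "resourceGroup": "rg-(data)", "enableHttpsTrafficOnly": null},
  {"name": "nopropacct",   "resourceGroup": "rg-old"}
]"""


def audit(accounts):
    """Return (compliant, failing) lists of (name, resource_group) tuples.

    Only an explicit JSON `true` passes; false, null or a missing property
    is reported, so an account is never assumed safe by default.
    """
    compliant, failing = [], []
    for acct in accounts:
        entry = (acct["name"], acct["resourceGroup"])
        if acct.get("enableHttpsTrafficOnly") is True:
            compliant.append(entry)
        else:
            failing.append(entry)
    return compliant, failing


def remediation_commands(failing):
    """Build one `az storage account update` command per failing account."""
    return [
        "az storage account update --name {} --resource-group {} --https-only true".format(
            shlex.quote(name), shlex.quote(group))
        for name, group in failing
    ]


if __name__ == "__main__":
    # Pipe real CLI output in; with no piped input the constructed sample is used.
    raw = "" if sys.stdin.isatty() else sys.stdin.read()
    ok, bad = audit(json.loads(raw.strip() or SAMPLE))
    print(f"{len(ok)} compliant, {len(bad)} without secure transfer")
    for cmd in remediation_commands(bad):
        print(cmd)
```

The script only prints the update commands, so they can be reviewed before being run against a subscription.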