Storage Accounts HTTPS
Ensures HTTPS-only traffic is allowed to storage account endpoints
Storage Accounts can contain sensitive information and should only be accessed over HTTPS. Enabling the HTTPS-only flag ensures that Azure does not allow HTTP traffic to Storage Accounts.
Recommended Actions
Follow the appropriate remediation steps below to resolve the issue.
-
Log in to the Microsoft Azure Management Console.
-
Select the “Search resources, services, and docs” option at the top and search for Storage account.
-
Select the “Storage account” by clicking on the “Name” link to access the configuration changes.
-
Scroll down the selected “Storage account” navigation panel and in “Settings” click on the “Configurations”.
-
On the “Configurations” page, scroll down and check whether “Secure transfer required” is set to Disabled or Enabled. If it’s set to “Disabled”, then the HTTPS-only traffic is not allowed to storage account endpoints.
-
Repeat steps 2 - 5 to check other Storage accounts.
-
Navigate to the “Storage accounts”, select the “Storage account” and click on the “Name”, select the “Configurations” under “Settings” that needs to enable the “HTTPS”.
-
On the “Configurations” page, click on the radio button next to the Enabled under the “Secure transfer required”.
-
Click on the “Save” option at the top to make the changes.
-
Repeat steps number 7 - 9 to enable the HTTPS-only option for all Storage Accounts.