Control: Ensure the 'Minimum TLS version' for storage accounts is set to 'Version 1.2'
Description
In some cases, Azure Storage sets the minimum TLS version to be version 1.0 by default. TLS 1.0 is a legacy version and has known vulnerabilities. This minimum TLS version can be configured to be later protocols such as TLS 1.2.
Usage
Run the control in your terminal:
powerpipe control run azure_compliance.control.storage_account_min_tls_1_2Snapshot and share results via Turbot Pipes:
powerpipe loginpowerpipe control run azure_compliance.control.storage_account_min_tls_1_2 --shareSQL
This control uses a named query:
select sa.id as resource, case when minimum_tls_version = 'TLSEnforcementDisabled' then 'alarm' when minimum_tls_version = 'TLS1_2' then 'ok' else 'alarm' end as status, case when minimum_tls_version = 'TLSEnforcementDisabled' then sa.name || ' TLS enforcement is disabled.' when minimum_tls_version = 'TLS1_2' then sa.name || ' minimum TLS version set to ' || minimum_tls_version || '.' else sa.name || ' minimum TLS version set to ' || minimum_tls_version || '.' end as reason , sa.resource_group as resource_group , sub.display_name as subscriptionfrom azure_storage_account sa, azure_subscription subwhere sub.subscription_id = sa.subscription_id;