4.15 Ensure the 'Minimum TLS version' for storage accounts is set to 'Version 1.2'

1 votes

# Script the verification

# Get all storage accounts and their resource groups
$storageAccounts = Get-AzStorageAccount

# Loop through each storage account and check the minimum TLS version
foreach ($storageAccount in $storageAccounts) {
$name = $storageAccount.StorageAccountName
$resourceGroup = $storageAccount.ResourceGroupName

# Query the minimumTLSVersion field for each storage account
$tlsVersion = (Get-AzStorageAccount -ResourceGroupName $resourceGroup -Name $name).MinimumTlsVersion

# Display the results for those that do not have TLS v1.2 set at their minimum
if ($tlsVersion -ne "TLS1_2") {
[PSCustomObject]@{
Name = $name
ResourceGroup = $resourceGroup
MinimumTLSVersion = $tlsVersion
} | Format-Table -AutoSize
}
}

Done Benchmark Community Suggestion Suggested by: Filip Jodoin (17 Feb, '25) • Upvoted: 17 Feb, '25 • Comments: 1

Comments: 1
Oldest • Newest • Most likes • Fewest likes

19 Feb, '25
Moderator Admin
Highlighted comment

Hi Filip

Thanks for the suggestions that you have added. Unfortunately, this is not the forum for those - it would be the Benchmark specific Community on CIS Workbench.

You can access the list of Workbench Communities at https://workbench.cisecurity.org/communities/public. And then once you locate the community which has published the Benchmark, you can add a Discussion or Ticket regarding your specific suggestion.

I hope this helps.

Best regards

Chris

4.15 Ensure the 'Minimum TLS version' for storage accounts is set to 'Version 1.2'

Comments: 1 Oldest • Newest • Most likes • Fewest likes

Comments: 1
Oldest • Newest • Most likes • Fewest likes