Azure Storage account users can now benefit from “Secure Transfer Required” option which enhances the security of their accounts by only allowing requests to the account from secure connections. For example, when using REST APIs to access your storage account all non-HTTPS connections will be rejected.
“Secure transfer required” option is disabled by default. It also is not supported on custom domains and classic storage accounts.
How to enable “Secure transfer required” option
“Secure transfer required” option is available in Azure portal for all new and existing storage accounts.
Enable secure transfer for a new account:
In order to activate this option, open the Create storage account pane in Azure portal and select the “Enabled” option under the “Secure transfer required” field as shown below:
Enable secure transfer for an existing account:
To enable this option in existing storage account, open the existing account in Azure portal and go to Settings in the account menu pane. From there visit Configuration and select “Enabled” under “Secure transfer required” field in the dialog:
Require secure transfer programmatically:
Use the setting supportsHttpsTrafficOnly in storage account properties with REST API or any of the following libraries:
- REST API (v. 2016-12-01)
- PowerShell (v. 4.1.0)
- CLI (v. 2.0.11)
- NodeJS (v. 1.1.0)
- .NET SDK (v.6.3.0)
- Python SDK (v. 1.1.0)
- Ruby SDK (v. 0.11.0)
Refer to the Storage Security Guide for further reading on the comprehensive set of security capabilities for Azure Storage.