Questions Regarding Minimum TLS Version for Azure Storage Accounts

Question

Questions Regarding Minimum TLS Version for Azure Storage Accounts

Idan Aharoni 20

Hi,

We currently use two methods to create storage accounts in Azure:

According to https://learn.microsoft.com/en-us/azure/storage/common/transport-layer-security-configure-migrate-to-tls2#about-transport-layer-security, Azure will stop supporting TLS versions below 1.2.

We’ve observed that storage accounts created via our current deployment methods are set by default to "Minimum TLS version: 1.0". We have two questions regarding this:

Once Azure discontinues support for TLS versions below 1.2, will newly created storage accounts default to "Minimum TLS version: 1.2"?
Will existing storage accounts be automatically updated to have "Minimum TLS version" set to 1.2?

Thanks You.

Idan Aharoni 20 Reputation points

2025-07-30T12:58:39.5466667+00:00

Hi, We noticed in your latest API documentation (https://learn.microsoft.com/en-us/rest/api/storagerp/storage-accounts/create?view=rest-storagerp-2024-01-01&tabs=HTTP) that the default minimum TLS version for new storage accounts is set to 1.0:

We also confirmed this by testing the API without specifying the minimum TLS version parameter.

Given that support for TLS versions below 1.2 will be discontinued starting in November, how will this impact storage accounts created without the minimum TLS version parameter? Will such accounts still be created, and if so, what TLS version will they default to?

Thank you.

Accepted answer

0 additional answers

Your answer

Idan Aharoni 20 Reputation points

2025-07-30T12:58:39.5466667+00:00

Hi, We noticed in your latest API documentation (https://learn.microsoft.com/en-us/rest/api/storagerp/storage-accounts/create?view=rest-storagerp-2024-01-01&tabs=HTTP) that the default minimum TLS version for new storage accounts is set to 1.0:

We also confirmed this by testing the API without specifying the minimum TLS version parameter.

Given that support for TLS versions below 1.2 will be discontinued starting in November, how will this impact storage accounts created without the minimum TLS version parameter? Will such accounts still be created, and if so, what TLS version will they default to?

Thank you.

Answer 1

Marcin Policht 53,675 MVP Volunteer Moderator

Once Azure discontinues support for TLS versions below 1.2, will newly created storage accounts default to "Minimum TLS version: 1.2"?

This behavior may vary depending on:

The SDK or API version you’re using.
The region you're deploying to.
Whether you're using legacy or newer SDKs (like Azure.ResourceManager SDKs).

Currently, storage accounts created with the Fluent SDK or the Management SDK often default to TLS 1.0 unless you explicitly specify a different version in the creation parameters. To ensure compliance, you should explicitly set the MinimumTlsVersion property to TLS1_2 when creating new storage accounts.

Will existing storage accounts be automatically updated to have "Minimum TLS version" set to 1.2?

AFAIK, in a sense - yes, but this will be enforced on the platform level. As per

https://techcommunity.microsoft.com/blog/azurepaasblog/azure-storage---tls-1-0-and-1-1-retirement/4281140

Azure Storage TLS 1.0 and 1.1 deprecation date was postponed 1 year, to Nov 1st, 2025. After that date, all clients connecting to Azure Storage services using TLS version below 1.2, will not be able to connect to Azure Storage anymore. You don't need to take any action on your Azure Storage services; this change will be automatic. You just need to ensure that all client applications connecting to your Storage accounts are using TLS 1.2 or above, after that date.

If the above response helps answer your question, remember to "Accept Answer" so that others in the community facing similar issues can easily find the solution. Your contribution is highly appreciated.

hth

Marcin

Idan Aharoni 20 Reputation points

2025-07-14T11:34:10.96+00:00

Thanks Marcin.

Regarding my first question: Is there a chance that storage account creation using these SDKs will fail unless we explicitly specify the minimum TLS version? Or will Azure automatically update the default "Minimum TLS Version" value to 1.2?

Thanks in advance
Marcin Policht 53,675 Reputation points MVP Volunteer Moderator

2025-07-14T21:04:58.9933333+00:00

As per https://learn.microsoft.com/en-us/azure/storage/common/transport-layer-security-configure-migrate-to-tls2

On Nov 1, 2025, Azure Blob Storage will stop supporting versions 1.0 and 1.1 of Transport Layer Security (TLS). TLS 1.2 will become the new minimum TLS version. This change impacts all existing and new blob storage accounts, using TLS 1.0 and 1.1 in all clouds. Storage accounts already using TLS 1.2 aren't impacted by this change.

Effectively, I'd expect that an attempt to create a storage account configured for a TLS version lower than 1.2 would fail

If the above response helps answer your question, remember to "Accept Answer" so that others in the community facing similar issues can easily find the solution. Your contribution is highly appreciated.

hth

Marcin
Nandamuri Pranay Teja 4,445 Reputation points Microsoft External Staff Moderator

2025-07-16T07:00:37.4633333+00:00

Hello Idan Aharoni

Just checking in to see if the provided answer helped. If this answers your query, do click "Accept the answer” for the same, which might be beneficial to other community members reading this thread. And, if you have any further queries do let us know.

Share via

Questions Regarding Minimum TLS Version for Azure Storage Accounts

0 additional answers

Your answer