Create Storage Account Minimum TLS Version

Idan Aharoni 20 Reputation points
2025-08-03T09:28:29.23+00:00

Hi, we noticed in your latest API documentation (https://learn.microsoft.com/en-us/rest/api/storagerp/storage-accounts/create?view=rest-storagerp-2024-01-01&tabs=HTTP) that the default minimum TLS version for new storage accounts is set to 1.0.

We also confirmed this by testing the API without specifying the minimum TLS version parameter.

Given that support for TLS versions below 1.2 will be discontinued starting in November, how will this impact storage accounts created without the minimum TLS version parameter? Will such accounts still be created, and if so, what TLS version will they default to?

Thank you.

Azure Storage
Globally unique resources that provide access to data management services and serve as the parent namespace for the services.

1 answer

  1. Vinodh247 36,031 Reputation points MVP Volunteer Moderator
    2025-08-03T10:34:49.26+00:00

    Hi,

    Thanks for reaching out to Microsoft Q&A.

    Microsoft has announced the deprecation of TLS 1.0 and 1.1, and will enforce TLS 1.2 or higher starting November 1, 2025.

    Once enforcement begins...

    Storage accounts created without explicitly specifying minimumTlsVersion will likely fail creation if the platform blocks TLS 1.0 at the time of provisioning.

    Alternatively, Microsoft may silently override the default behavior and apply TLS 1.2 as the minimum, even if the API schema has not been updated yet. This behavior change would likely be documented in upcoming release notes.

    To avoid ambiguity or breaking changes:

    Always explicitly set minimumTlsVersion to TLS1_2 (or higher) in your storage account creation scripts and templates.

    Monitor Azure updates or the Azure REST API changelog for any updates to this default behavior.

    What You Can Expect Post November?

    If nothing changes in the API:

    • Storage accounts created without minimumTlsVersion may either be blocked or default to TLS 1.2.
    • Legacy deployments or IaC pipelines might break if they depend on the implicit TLS 1.0 default.

    Please 'Upvote' (thumbs-up) and 'Accept' as answer if the reply was helpful. This will benefit other community members who face the same issue.
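
One way to act on the advice above to set minimumTlsVersion explicitly, as an added example that is not part of the original thread or of Microsoft's tooling: a Python check that walks a parsed ARM template and reports storage accounts whose minimumTlsVersion is missing, below TLS1_2, or given as a template expression that needs manual review. The sample template and its resource names are constructed.

```python
import re

ST = "Microsoft.Storage/storageAccounts"
TLS_RE = re.compile(r"^TLS(\d+)_(\d+)$")
MIN_OK = (1, 2)  # TLS1_2 or higher, as the answer recommends

def iter_resources(resources):
    """Yield each resource, including child resources and nested deployments."""
    if isinstance(resources, dict):  # symbolic-name templates use an object
        resources = list(resources.values())
    for res in resources or []:
        if not isinstance(res, dict):
            continue
        yield res
        yield from iter_resources(res.get("resources"))
        nested = (res.get("properties") or {}).get("template")
        if isinstance(nested, dict):
            yield from iter_resources(nested.get("resources"))

def check_template(template):
    """Return (name, status) for storage accounts not pinned to TLS1_2 or higher."""
    findings = []
    for res in iter_resources(template.get("resources")):
        if str(res.get("type", "")).lower() != ST.lower():
            continue
        value = (res.get("properties") or {}).get("minimumTlsVersion")
        if value is None:
            status = "missing"      # creation relies on the service default
        elif isinstance(value, str) and value.startswith("["):
            status = "unresolved"   # template expression; check the parameter value
        else:
            m = TLS_RE.match(str(value))
            status = "ok" if m and (int(m[1]), int(m[2])) >= MIN_OK else "weak"
        if status != "ok":
            findings.append((res.get("name", "<unnamed>"), status))
    return findings

# Constructed sample template (not from the page); all names are hypothetical.
SAMPLE = {"resources": [
    {"type": ST, "name": "stnodefault", "properties": {}},
    {"type": ST, "name": "stlegacy", "properties": {"minimumTlsVersion": "TLS1_0"}},
    {"type": ST, "name": "stpinned", "properties": {"minimumTlsVersion": "TLS1_2"}},
    {"type": ST, "name": "stparam", "properties": {"minimumTlsVersion": "[parameters('minTls')]"}},
    {"type": "Microsoft.Resources/deployments", "name": "inner", "properties": {"template": {
        "resources": [{"type": ST, "name": "stnested", "properties": {"minimumTlsVersion": "TLS1_1"}}]}}},
]}

if __name__ == "__main__":
    print(*check_template(SAMPLE), sep="\n")
```

Run it in CI against `json.load()` of each template file and fail the build on any finding, so the deployment never depends on the implicit default.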

