Missing storage account minimumTlsVersion property

Martin D 41 Reputation points
2021-06-12T10:31:38.463+00:00

Hi,
I need to get value of the "MinimumTlsVersion" property for storage accounts in Azure so that I can verify that it's set to TLS 1.2.

I'm using visual studio, .NET core and REST API's for my solution and when I query the "Storage Accounts - List" (version 2021-04-01) API the json response doesn't include that property, although the documentation mentions it. I do see other important properties in the response that I'm checking atm such as:

...
"name": "mycoolstorageaccount",
"properties": {
...
"allowBlobPublicAccess": false,
"supportsHttpsTrafficOnly": true,
...

I've also tried the other rest API versions but none seem to include that property in the response.

I've also tried using different NuGet packages instead such as "Azure.ResourceManager.Storage", "Microsoft.Azure.Management.Storage.Fluent" and "Microsoft.Azure.Management.Storage".

The only way I can seem to see the property at all is to create a StorageManagementClient using the Microsoft.Azure.Management.Storage package. Bu when I do this the value of the MinimumTlsVersion property is null. Other properties values have values, such as boolss though.

An example of my code in my Xunit test where I'm trying this out:

        var principalLogIn = new ServicePrincipalLoginInformation();
        principalLogIn.ClientId = clientId;
        principalLogIn.ClientSecret = clientSecret;

        var environment = AzureEnvironment.AzureGlobalCloud;
        var azureCredentials = new AzureCredentials(principalLogIn, tenantId, environment).WithDefaultSubscription(_subscriptionId);

        var storageManagementClient = new StorageManagementClient(azureCredentials);
        storageManagementClient.SubscriptionId = _subscriptionId;
        var storageAccounts = storageManagementClient.StorageAccounts.List();

        foreach (var sa in storageAccounts)
        {
                _output.WriteLine($"{sa.Name} MinimumTlsVersion: {sa.MinimumTlsVersion}");
            }
        }

Here the "sa.MinimumTlsVersion" is null as mentioned while the sa name is printed to output.

So my question is, is it possible to see the property when calling the API by requesting to expand the response somehow or is there some other way to get the value of this property since it's displayed in the portal? Or is it perhaps only possible to set it and not "get" it?

Thank you in advance!

Br, Martin

Azure Storage Accounts
Azure Storage Accounts
Globally unique resources that provide access to data management services and serve as the parent namespace for the services.
3,101 questions
{count} votes

1 answer

Sort by: Most helpful
  1. Martin D 41 Reputation points
    2021-06-17T07:39:21.507+00:00

    Hi,
    I've confirmed this behaviour. All my storage accounts were using the default TLS1 1.0 version so that's why the property didn't appear at all in the json response from the API. When I reconfigured some storage accounts to use TLS 1.1 or TLS 1.2 instead, the TLS property did appear, for example:

    "minimumTlsVersion": "TLS1_1",

    Although it seems like strange behaviour that the property is missing by default if TLS 1.0 is used, at least I can now develop a workaround to handle this.

    Thank you for your help in this!

    Br,

    Martin

    1 person found this answer helpful.
    0 comments No comments

Your answer

Answers can be marked as Accepted Answers by the question author, which helps users to know the answer solved the author's problem.