Microsoft’s Azure Blob Storage will officially end support for Transport Layer Security (TLS) versions 1.0 and 1.1 today, February 3. From today, TLS 1.2 will be mandatory as the minimum security protocol version for all incoming requests across all cloud environments. This critical security update will ensure communication between apps and servers use up-to-date encryption standards.
This change affects existing and newly created storage accounts, so immediate action is needed from admins to avoid service interruptions.
The new enforcement occurs at the storage account level, so the requirement extends to Azure Files, Queue Storage, and Table Storage if they share the same account. If a storage account is already using TLS 1.2 or higher then it won’t be impacted by this cutoff.
Microsoft mentions that clients should be running Windows 8 or Windows Server 2016 at a minimum for the smoothest transition because these have TLS 1.2 enabled by default. Furthermore, developers are advised to use .NET Framework 4.7 or later and use Visual Studio 2017 or higher to ensure compatibility with the updated security protocols.
Organizations that do not migrate their client applications by the deadline will encounter connectivity failures and disruptions as Azure starts rejecting requests made using deprecated protocols. With this shift, organizations will be forced to use cryptographic algorithms that meet modern regulatory standards such as FedRAMP and NIST.
As cyberattacks are ever-increasing, there is an industry-wide push to stop using older security protocols that are vulnerable to threats. By pushing its users to TLS 1.2, Microsoft is ensuring that everyone gets significantly better performance and security compared to older TLS versions.
In the run up to this change, admins were instructed to identify clients still using older TLS versions via logging and to reduce this legacy traffic. Given the deadline is now reached, the time for this is over and anyone still using older TLS versions will encounter issues connecting.
Additionally, Microsoft recommends updating development libraries, removing hardcoded protocol references, and conducting compatibility testing using tools like Fiddler or Qualys SSL Labs. Organizations should also notify their customers and partners to ensure third-party integrations continue to work after the deprecation.
For more information, check out Microsoft Learn.