---
title: Storage account not using latest TLS encryption version
---

# Storage account not using latest TLS encryption version

{% callout %}
# Important note for users on the following Datadog sites: app.ddog-gov.com, us2.ddog-gov.com

{% alert level="danger" %}
This product is not supported for your selected [Datadog site](https://docs.datadoghq.com/getting_started/site.md). ({% placeholder "user-datadog-site-name" /%}).
{% /alert %}

{% /callout %}

## Metadata{% #metadata %}

**Id:** `ansible-azure-storage-account-not-using-latest-tls-encryption-version` 

**Provider:** Azure

**Platform:** Ansible

**Severity:** Medium

**Category:** Encryption

#### Learn More{% #learn-more %}

- [Provider Reference](https://docs.ansible.com/ansible/latest/collections/azure/azcollection/azure_rm_storageaccount_module.html#parameter-minimum_tls_version)

### Description{% #description %}

Storage accounts must enforce TLS 1.2 to protect data in transit and prevent downgrade attacks using older, vulnerable TLS versions. For Ansible, tasks that use the `azure_rm_storageaccount` or `azure.azcollection.azure_rm_storageaccount` module must set the `minimum_tls_version` parameter to `"TLS1_2"`. Tasks that omit `minimum_tls_version` or set it to any value other than `"TLS1_2"` (for example `"TLS1_0"` or `"TLS1_1"`) are flagged.
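
The check described above, sketched in Python as an added example (not Datadog's rule implementation). It assumes the playbook has already been loaded by a YAML parser into lists and dicts; `find_violations`, `SAMPLE` and the list of nested keys are names chosen here. It also walks plays and `block`/`rescue`/`always` sections, which goes slightly beyond the flat task lists shown on this page.

```python
# Added illustration; not Datadog's rule implementation.
MODULES = ("azure_rm_storageaccount", "azure.azcollection.azure_rm_storageaccount")
REQUIRED = "TLS1_2"
# Keys under which Ansible nests further task lists (plays and blocks).
NESTED = ("tasks", "pre_tasks", "post_tasks", "handlers", "block", "rescue", "always")


def find_violations(items):
    """Return (task name, reason) for every storage account task the rule would flag.

    `items` is a playbook or task list already parsed from YAML into lists and dicts.
    """
    findings = []
    for item in items or []:
        if not isinstance(item, dict):
            continue
        for module in MODULES:
            if module not in item:
                continue
            # Free-form (non-mapping) arguments cannot carry the parameter.
            args = item[module] if isinstance(item[module], dict) else {}
            name = item.get("name") or args.get("name", "<unnamed>")
            if "minimum_tls_version" not in args:
                findings.append((name, "minimum_tls_version is missing"))
            elif args["minimum_tls_version"] != REQUIRED:
                findings.append((name, f"minimum_tls_version is {args['minimum_tls_version']!r}"))
        for key in NESTED:
            if isinstance(item.get(key), list):
                findings.extend(find_violations(item[key]))
    return findings


# Constructed sample: one play, shaped as a YAML parser would return it.
SAMPLE = [{"hosts": "localhost", "tasks": [
    {"name": "compliant account", "azure_rm_storageaccount": {
        "resource_group": "myResourceGroup", "name": "c1h0002",
        "minimum_tls_version": "TLS1_2"}},
    {"name": "old TLS account", "azure_rm_storageaccount": {
        "resource_group": "myResourceGroup", "name": "c1h0002",
        "minimum_tls_version": "TLS1_0"}},
    {"name": "grouped tasks", "block": [
        {"name": "account without TLS setting",
         "azure.azcollection.azure_rm_storageaccount": {
             "resource_group": "myResourceGroup", "name": "c1h0003"}}]},
]}]

if __name__ == "__main__":
    for task, reason in find_violations(SAMPLE):
        print(f"FLAGGED {task}: {reason}")
```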

## Compliant Code Examples{% #compliant-code-examples %}

```yaml
- name: Create an account with kind of FileStorage
  azure_rm_storageaccount:
    resource_group: myResourceGroup
    name: c1h0002
    type: Premium_LRS
    kind: FileStorage
    minimum_tls_version: TLS1_2
    tags:
      testing: testing
```

## Non-Compliant Code Examples{% #non-compliant-code-examples %}

```yaml
---
- name: Create an account with kind of FileStorage
  azure_rm_storageaccount:
    resource_group: myResourceGroup
    name: c1h0002
    type: Premium_LRS
    kind: FileStorage
    # Flagged: minimum_tls_version is TLS1_0 instead of TLS1_2
    minimum_tls_version: TLS1_0
    tags:
      testing: testing
- name: Create a second account with kind of FileStorage
  azure_rm_storageaccount:
    resource_group: myResourceGroup
    name: clh0003
    type: Premium_LRS
    kind: FileStorage
    # Flagged: minimum_tls_version is not set
```
