Get a list of Azure storage accounts that use TLS_1.0

https://azure.microsoft.com/en-us/updates/azure-support-tls-will-end-by-31-october-2024-2/

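Azure support for TLS 1.0 and 1.1 will end on 31 October 2024. I need to upgrade the MinimumTlsVersion property on every storage account.

While there are ways to do that (pwsh, Portal, ARM), I'm curious whether there is a way to get a list of all storage accounts that use TLS < 1.2.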

# Ensure you're logged in to Azure
# Connect-AzAccount

# Set your Azure subscription ID
$subscriptionId = "your-subscription-id"

# Select the Azure subscription
Select-AzSubscription -SubscriptionId $subscriptionId

# Get all Storage accounts in the subscription
$storageAccounts = Get-AzStorageAccount

# Initialize an empty array to hold Storage accounts with TLS 1.0
$storagesUsingTls1_0 = @()

foreach ($storage in $storageAccounts) {
    try {
        # Attempt to fetch the storage account properties, including the minimum TLS version
        $storageProps = Get-AzStorageAccount -ResourceGroupName $storage.ResourceGroupName -AccountName $storage.StorageAccountName
        # MinimumTlsVersion is a top-level property of the account object, not part of Encryption
        $tlsSetting = $storageProps.MinimumTlsVersion

        # Check if the TLS version is 1.0
        if ($tlsSetting -eq "TLS1_0") {
            # Add to the list
            $storagesUsingTls1_0 += $storage
        }
    } catch {
        Write-Host "Error retrieving TLS settings for storage account: $($storage.StorageAccountName)"
    }
}

# Output the Storage accounts using TLS 1.0
$storagesUsingTls1_0 | Format-Table StorageAccountName, ResourceGroupName, Location, @{Name="TLS Version"; Expression={$_.MinimumTlsVersion}}

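Answer 1

If your question is only about seeing all storage accounts whose TLS version is not 1.2, I recommend using Azure Resource Graph Explorer. It is available in the Azure portal (just search for it) and lets you query Azure resources. The following query gives you all storage accounts that are not using TLS version 1.2: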

resources
| where type == "microsoft.storage/storageaccounts"
| where properties['minimumTlsVersion'] != "TLS1_2"
| project name, resourceGroup, properties.minimumTlsVersion
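
The same audit from PowerShell across every enabled subscription, as an added example that is not part of the original question or answer. It assumes the Az.Accounts and Az.Storage modules and an existing Connect-AzAccount session; the helper name and CSV file name are made up for illustration. It also reports accounts whose MinimumTlsVersion was never set, because those return no value and still accept TLS 1.0.

```powershell
# Added example: list storage accounts that still accept TLS below 1.2
# in every enabled subscription the signed-in identity can read.

function Get-EffectiveMinTls {
    # Hypothetical helper: normalises the account's minimum TLS setting.
    param($Account)
    $value = [string]$Account.MinimumTlsVersion
    # An account whose MinimumTlsVersion was never set returns no value
    # and permits TLS 1.0, so treat an empty value as TLS1_0.
    if ([string]::IsNullOrEmpty($value)) { return 'TLS1_0' }
    return $value
}

$findings = foreach ($sub in Get-AzSubscription | Where-Object State -eq 'Enabled') {
    # Switch context so Get-AzStorageAccount enumerates this subscription
    $null = Set-AzContext -Subscription $sub.Id

    foreach ($account in Get-AzStorageAccount) {
        $effective = Get-EffectiveMinTls $account
        # Flag only the deprecated versions; TLS1_2 and newer pass
        if ($effective -in 'TLS1_0', 'TLS1_1') {
            [pscustomobject]@{
                Subscription      = $sub.Name
                ResourceGroup     = $account.ResourceGroupName
                StorageAccount    = $account.StorageAccountName
                Location          = $account.Location
                MinimumTlsVersion = $effective
                # Distinguishes an explicit TLS1_0 from a property that was never set
                ExplicitlySet     = -not [string]::IsNullOrEmpty([string]$account.MinimumTlsVersion)
            }
        }
    }
}

# Review on screen and keep a copy for tracking the upgrade work
$findings | Sort-Object Subscription, StorageAccount | Format-Table -AutoSize
$findings | Export-Csv -Path ./storage-tls-below-1_2.csv -NoTypeInformation
```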
