diff --git a/pkg/infrastructure/azure/storage.go b/pkg/infrastructure/azure/storage.go
index 4f767952c7c..36a05637a17 100644
--- a/pkg/infrastructure/azure/storage.go
+++ b/pkg/infrastructure/azure/storage.go
@@ -97,12 +97,13 @@ func CreateStorageAccount(ctx context.Context, in *CreateStorageAccountInput) (*
 		Location: to.Ptr(in.Region),
 		SKU:      &sku,
 		Properties: &armstorage.AccountPropertiesCreateParameters{
-			AllowBlobPublicAccess: to.Ptr(false),
-			AllowSharedKeyAccess:  to.Ptr(allowSharedKeyAccess),
-			IsLocalUserEnabled:    to.Ptr(true),
-			LargeFileSharesState:  to.Ptr(armstorage.LargeFileSharesStateEnabled),
-			PublicNetworkAccess:   to.Ptr(armstorage.PublicNetworkAccessEnabled),
-			MinimumTLSVersion:     &minimumTLSVersion,
+			AllowBlobPublicAccess:       to.Ptr(false),
+			AllowSharedKeyAccess:        to.Ptr(allowSharedKeyAccess),
+			IsLocalUserEnabled:          to.Ptr(true),
+			LargeFileSharesState:        to.Ptr(armstorage.LargeFileSharesStateEnabled),
+			PublicNetworkAccess:         to.Ptr(armstorage.PublicNetworkAccessEnabled),
+			MinimumTLSVersion:           &minimumTLSVersion,
+			AllowCrossTenantReplication: to.Ptr(false), // must remain false to comply with BAFIN and PCI-DSS regulations
 		},
 		Tags: in.Tags,
 	}