Azure-AppService-TLS-Version-Check

Severity: High

Description: This control ensures that web app is using the latest version of TLS encryption. Encryption should be set with the latest version of TLS. App service allows TLS 1.2 by default, which is the recommended TLS level by industry standards, such as PCI DSS. App service currently allows the web app to set TLS versions 1.0, 1.1 and 1.2. It is highly recommended to use the latest TLS 1.2 version for web app secure connections. By default, TLS Version feature will be set to 1.2 when a new app is created using the command-line tool or Azure Portal console

Remediation Steps:

Perform following to update App Service configuration:

1. Login to Azure Portal using https://portal.azure.com.

2. Go to App Services.

3. Click on affected Web App.

4. Under Setting section, Click on TLS/SSL settings.

5. Set Minimum TLS Version to 1.2 under Protocol Settings section.

Important:

Reference:

• CIS reference: Azure Foundations Benchmark v1.3.0 - 02-01-2021 : Recommendation #9.3

• https://docs.microsoft.com/en-us/azure/app-service/app-service-web-tutorial-custom-ssl#enforce-tls-versions