last sync: 2024-Dec-05 18:53:22 UTC

App Service Environment should have TLS 1.0 and 1.1 disabled

Azure BuiltIn Policy definition

Source Azure Portal
Display name App Service Environment should have TLS 1.0 and 1.1 disabled
Id d6545c6b-dd9d-4265-91e6-0b451e2f1c50
Version 2.0.1
Details on versioning
Versioning Versions supported for Versioning: 1
2.0.1
Built-in Versioning [Preview]
Category App Service
Microsoft Learn
Description TLS 1.0 and 1.1 are out-of-date protocols that do not support modern cryptographic algorithms. Disabling inbound TLS 1.0 and 1.1 traffic helps secure apps in an App Service Environment.
Mode Indexed
Type BuiltIn
Preview False
Deprecated False
Effect Default
Audit
Allowed
Audit, Deny, Disabled
RBAC role(s) none
Rule aliases IF (3)
Alias Namespace ResourceType Path PathIsDefault DefaultPath Modifiable
Microsoft.Web/HostingEnvironments/clusterSettings[*] Microsoft.Web hostingEnvironments properties.clusterSettings[*] True True
Microsoft.Web/HostingEnvironments/clusterSettings[*].name Microsoft.Web hostingEnvironments properties.clusterSettings[*].name True False
Microsoft.Web/HostingEnvironments/clusterSettings[*].value Microsoft.Web hostingEnvironments properties.clusterSettings[*].value True False
Rule resource types IF (1)
Microsoft.Web/hostingEnvironments
Compliance
The following 1 compliance controls are associated with this Policy definition 'App Service Environment should have TLS 1.0 and 1.1 disabled' (d6545c6b-dd9d-4265-91e6-0b451e2f1c50)
Control Domain Control Name MetadataId Category Title Owner Requirements Description Info Policy#
ACAT_Security_Policies ACAT_Security_Policies ACAT Security Policies Guidelines for M365 Certification Protecting systems and resources Shared n/a Ensures that apps have strong security and compliance practices in place to protect customer data, security, and privacy. link 16
Initiatives usage
Initiative DisplayName Initiative Id Initiative Category State Type
ACAT for Microsoft 365 Certification 80307b86-ab81-45ab-bf4f-4e0b93cf3dd5 Regulatory Compliance GA BuiltIn
Deny or Deploy and append TLS requirements and SSL enforcement on resources without Encryption in transit Enforce-EncryptTransit_20240509 Encryption GA ALZ
History
Date/Time (UTC ymd) (i) Change type Change detail
2022-07-01 16:32:34 change Patch (2.0.0 > 2.0.1)
2021-05-04 14:34:06 change Major (1.0.0 > 2.0.0)
2021-04-27 15:38:15 add d6545c6b-dd9d-4265-91e6-0b451e2f1c50
JSON compare
compare mode: version left: version right:
JSON
api-version=2021-06-01
EPAC