Hello @AdamZachary. Thank you for the reply. I could see the TLS configuration for storage accounts for configuring it, but I couldn't find the same for Function App, Key Vault, AKS, AAD and Logic Apps. Your assistance is required on this one. Thanks again.
Which all are the Azure resources which use TLS?
TLS version needs to be updated to the latest in our subscription. So apart from storage accounts, which all are the Azure resources which use TLS which can be configured?
2 answers
Adam Zachary 2,911 Reputation points
2023-11-22T01:10:35.54+00:00
Well, yes, not all Azure resources have a straightforward dropdown list where you can choose the minimum TLS version.
So, based on the latest information from Microsoft's documentation, here's an overview of how TLS can be configured for the following Azure resources:
Azure Function App:
TLS configuration for Function Apps is available through the Azure Portal. To configure the minimum TLS version, select your Function App and go to the Settings tab -> Configuration -> General Settings. Then, under Platform settings, you'll find "Minimum Inbound TLS version".
Azure Logic Apps:
Go to the Azure portal and search for your Logic App. Go to -> Settings -> Configurations -> General Settings tab -> Stack Settings -> Minimum Inbound TLS version.
TLS 1.3 support for Logic Apps, as part of Azure App Service, began rolling out in October 2023 and is expected to continue into 2024. During the initial release phase, there might be intermittent issues with TLS 1.3, so it's advised not to set TLS 1.3 as the minimum version until January 2024 to avoid connection failures or denied requests.
Azure Key Vault:
As for Azure Key Vault, the approach to managing TLS versions differs from other Azure services. Key Vault does not allow for the direct configuration of the minimum TLS version at the service level. Instead, the control of TLS versions is largely dependent on the client-side configuration.
TLS Configuration on the Client Side:
- TLS version restrictions for Azure Key Vault can be implemented through client-side configurations. This means the applications or services communicating with Azure Key Vault should enforce the desired TLS version, such as TLS 1.2.
In short, for Azure Key Vault, the emphasis is on ensuring that the client applications and services that interact with the Key Vault are configured to use the desired TLS version, as the service itself does not provide a direct mechanism to enforce a minimum TLS version.
Azure Kubernetes Service (AKS):
Configuring TLS/SSL settings for AKS primarily involves the use of an ingress controller.
TLS can be used with an ingress controller to secure communication between applications. The NGINX ingress controller, for example, supports TLS termination. Certificates for HTTPS can be retrieved and configured in several ways, including automatic generation and management through cert-manager. In short, there is no option from the Azure portal to flip a switch and choose the minimum TLS version.
Azure Active Directory (AAD):
For configuring TLS/SSL settings in Azure Active Directory (Azure AD) or Microsoft Entra ID, the focus is primarily on ensuring that the client-side applications and systems interacting with Azure AD support the required TLS version. Based on the latest Microsoft documentation:
- Update Client Applications and Services:
  - Ensure that any applications communicating with or authenticating against Microsoft Entra ID can use TLS 1.2. This includes applications like Microsoft Entra Connect, Microsoft Graph PowerShell, and others.
- Update Operating Systems and .NET Framework:
  - Configure both client and server operating systems to support TLS 1.2 and contemporary cipher suites. This might involve updating the Windows OS and the default TLS for "WinHTTP".
  - Update and configure your .NET Framework installation to support TLS 1.2.
- Check and Update Web Browsers and Proxies:
  - Ensure that web browsers and web proxies used in your environment support TLS 1.2. This may include updating to the latest versions and checking the vendor's documentation for TLS support.
If you find the provided information helpful and it resolves your query, please consider accepting the answer. Your feedback is valuable and helps ensure the quality and relevance of the responses.
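The split described in the answer above (resources with a service-side minimum TLS setting versus those enforced at the client or ingress) can be checked across an exported inventory. This is an added example, not part of the answer or of any Microsoft tooling: `minTlsVersion` and `minimumTlsVersion` are the App Service and storage account property names, while the flattened record shape and the sample resource names are assumptions constructed for illustration.

```python
import re

# Resource types with a service-side minimum-TLS property, and the property name.
# The flattened record shape (name/type/property at top level) is an assumption.
CONFIGURABLE = {
    "microsoft.web/sites": "minTlsVersion",  # Function Apps, Logic Apps
    "microsoft.storage/storageaccounts": "minimumTlsVersion",
}
# Types the answer says have no service-side switch, and where to enforce instead.
ENFORCE_ELSEWHERE = {
    "microsoft.keyvault/vaults": "client-side configuration",
    "microsoft.containerservice/managedclusters": "ingress controller",
}

def parse_tls(value):
    """Normalize '1.2', 'TLS1_2' or 'TLS 1.2' to (1, 2); None if absent or unparseable."""
    m = re.search(r"(\d)[._](\d)", str(value or ""))
    return (int(m.group(1)), int(m.group(2))) if m else None

def audit(resources, required=(1, 2)):
    """Return one (name, status, detail) tuple per resource record."""
    findings = []
    for res in resources:
        rtype = (res.get("type") or "").lower()
        name = res.get("name", "<unnamed>")
        if rtype in CONFIGURABLE:
            prop = CONFIGURABLE[rtype]
            current = parse_tls(res.get(prop))
            if current is None:
                # A missing value is reported, never assumed compliant.
                findings.append((name, "UNKNOWN", f"{prop} not present in record"))
            elif current < required:
                findings.append((name, "FAIL", f"{prop}={res[prop]}"))
            else:
                findings.append((name, "OK", f"{prop}={res[prop]}"))
        elif rtype in ENFORCE_ELSEWHERE:
            findings.append((name, "MANUAL", f"enforce via {ENFORCE_ELSEWHERE[rtype]}"))
        else:
            findings.append((name, "SKIPPED", f"type {res.get('type')!r} not covered"))
    return findings

# Constructed sample inventory, not real resources.
SAMPLE = [
    {"name": "func-orders", "type": "Microsoft.Web/sites", "minTlsVersion": "1.0"},
    {"name": "logic-billing", "type": "Microsoft.Web/sites", "minTlsVersion": "1.2"},
    {"name": "stlogs01", "type": "Microsoft.Storage/storageAccounts", "minimumTlsVersion": "TLS1_1"},
    {"name": "kv-prod", "type": "Microsoft.KeyVault/vaults"},
    {"name": "aks-main", "type": "Microsoft.ContainerService/managedClusters"},
    {"name": "func-new", "type": "Microsoft.Web/sites"},
]

if __name__ == "__main__":
    for name, status, detail in audit(SAMPLE):
        print(f"{status:8} {name:15} {detail}")
```

Records marked MANUAL are the ones where no portal setting exists, so the TLS floor has to be verified on the calling clients or the ingress controller.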