Hi @Udhayakumar Sundaramurty
Well, yes not all Azure resources have a straightforward dropdown list where you can choose the minimum TLS version.
So, based on the latest information from Microsoft's documentation, here's an overview of how TLS can be configured for the following Azure resources:
Azure Function App:
TLS configuration for Function Apps is available through the Azure Portal. To configure the minimum TLS version, you need to select your Function App, go to Settings tab -> Configuration -> General Settings. then under Platform settings you'll find "Minimum Inbound TLS version"
Azure Logic Apps:
Go to Azure portal, Search your Logic App. Go to -> Settings -> Configurations -> General Settings tab -> Stack Settings -> Minimum Inbound TLS version.
TLS 1.3 support for Logic Apps, as part of Azure App Service, began rolling out in October 2023 and is expected to continue into 2024. During the initial release phase, there might be intermittent issues with TLS 1.3, so it's advised not to set TLS 1.3 as the minimum version until January 2024 to avoid connection failures or denied requests.
Azure Key Vault:
As for Azure Key Vault, the approach to managing TLS versions differs from other Azure services. Key Vault does not allow for the direct configuration of the minimum TLS version at the service level. Instead, the control of TLS versions is largely dependent on the client-side configuration.
TLS Configuration on the Client Side:
- TLS version restrictions for Azure Key Vault can be implemented through client-side configurations. This means the applications or services communicating with Azure Key Vault should enforce the desired TLS version, such as TLS 1.2.
In short for Azure Key Vault, the emphasis is on ensuring that the client applications and services that interact with the Key Vault are configured to use the desired TLS version, as the service itself does not provide a direct mechanism to enforce a minimum TLS version.
Azure Kubernetes Service (AKS):
Configuring TLS/SSL settings for AKS primarily involves the use of an ingress controller.
TLS can be used with an ingress controller to secure communication between applications. The NGINX ingress controller, for example, supports TLS termination. Certificates for HTTPS can be retrieved and configured in several ways, including automatic generation and management through cert-manager. In short, there is no option from the Azure portal to flip a switch and choose the minimum TLS version.
Azure Active Directory (AAD):
For configuring TLS/SSL settings in Azure Active Directory (Azure AD) or Microsoft Entra ID, the focus is primarily on ensuring that the client-side applications and systems interacting with Azure AD support the required TLS version. Based on the latest Microsoft documentation:
- Update Client Applications and Services:
- Ensure that any applications communicating with or authenticating against Microsoft Entra ID can use TLS 1.2. This includes applications like Microsoft Entra Connect, Microsoft Graph PowerShell, and others.
- Update Operating Systems and .NET Framework:
- Configure both client and server operating systems to support TLS 1.2 and contemporary cipher suites. This might involve updating the Windows OS and the default TLS for "WinHTTP".
- Update and configure your .NET Framework installation to support TLS 1.2.
- Check and Update Web Browsers and Proxies:
- Ensure that web browsers and web proxies used in your environment support TLS 1.2. This may include updating to the latest versions and checking the vendor's documentation for TLS support.
If you find the provided information helpful and it resolves your query, please consider accepting the answer. Your feedback is valuable and helps ensure the quality and relevance of the responses.