TLS 1.2 version usage on app service

Question

TLS 1.2 version usage on app service

bala sai 0

We have enabled HIPAA policies and one of the initiative says app service should have latest version of TLS. Although we are using 1.2 TLS version then why it still flagging as non complaint, However, TLS 1.3 is the latest version but even though TLS 1.2 accepted and none of the article says TLS 1.2 is deprecated.

Alekhya Vaddepally 1,670 Reputation points Microsoft External Staff Moderator

2025-05-23T20:01:04.3666667+00:00

Hi bala sai,
Azure policy and safety initiatives often look for "the latest and safest" configurations, not just "supported". While TLS 1.2 is accepted, the policy can mark your app service as it is not implementing TLS 1.3, or because the minimum TLS version is not clearly set at the service level.

Check that your app service is clearly configured to apply TLS 1.2 as a minimum version, and if possible, plan to support TLS 1.3 when Azure App Services start supporting it more widely. So far, Azure App Services TLS supports up to 1.2, and TLS 1.3 is not yet available in all areas/services for app services.

Go to your app service configuration in Azure portal and navigate on

TLS/SSL Settings> Protocol Settings. Verify the 'minimum TLS version' setting. It should be set at least TLS 1.2.

Documentation of your configuration in case of policy audit, showing that you are clearly applied to TLS 1.2.

Monitor the Azure support of TLS 1.3 on app services, so that you can upgrade after officially available.
https://techcommunity.microsoft.com/blog/appsonazureblog/upcoming-tls-1-3-on-azure-app-service-for-web-apps-functions-and-logic-apps-stan/3974138
https://learn.microsoft.com/en-us/azure/app-service/overview-tls
if you have any further concerns or queries, please feel free to reach out to us.
Alekhya Vaddepally 1,670 Reputation points Microsoft External Staff Moderator

2025-05-26T16:18:46.4433333+00:00

Hi bala sai,
We haven’t heard from you on the last response and was just checking back to see if you have a resolution yet. In case if you have any resolution, please do share that same with the community as it can be helpful to others. Otherwise, will respond with more details and we will try to help.
bala sai 0 Reputation points

2025-05-27T14:03:57.5+00:00

Thanks for the Quick response Alekhya, As per your note if I'm setting my minimum TLS Version to 1.2 in my app service will it goes to compliance state?
Alekhya Vaddepally 1,670 Reputation points Microsoft External Staff Moderator

2025-05-28T17:15:45.9866667+00:00

Hi bala sai, We haven’t heard from you on the last response and was just checking back to see if you have a resolution yet. In case if you have any resolution, please do share that same with the community as it can be helpful to others. Otherwise, will respond with more details and we will try to help.
Alekhya Vaddepally 1,670 Reputation points Microsoft External Staff Moderator

2025-05-30T16:20:49.5966667+00:00

Hi bala sai, We haven’t heard from you on the last response and was just checking back to see if you have a resolution yet. In case if you have any resolution, please do share that same with the community as it can be helpful to others. Otherwise, will respond with more details and we will try to help.

1 answer

Your answer

Alekhya Vaddepally 1,670 Reputation points Microsoft External Staff Moderator

2025-05-23T20:01:04.3666667+00:00

Hi bala sai,
Azure policy and safety initiatives often look for "the latest and safest" configurations, not just "supported". While TLS 1.2 is accepted, the policy can mark your app service as it is not implementing TLS 1.3, or because the minimum TLS version is not clearly set at the service level.

Check that your app service is clearly configured to apply TLS 1.2 as a minimum version, and if possible, plan to support TLS 1.3 when Azure App Services start supporting it more widely. So far, Azure App Services TLS supports up to 1.2, and TLS 1.3 is not yet available in all areas/services for app services.

Go to your app service configuration in Azure portal and navigate on

TLS/SSL Settings> Protocol Settings. Verify the 'minimum TLS version' setting. It should be set at least TLS 1.2.

Documentation of your configuration in case of policy audit, showing that you are clearly applied to TLS 1.2.

Monitor the Azure support of TLS 1.3 on app services, so that you can upgrade after officially available.
https://techcommunity.microsoft.com/blog/appsonazureblog/upcoming-tls-1-3-on-azure-app-service-for-web-apps-functions-and-logic-apps-stan/3974138
https://learn.microsoft.com/en-us/azure/app-service/overview-tls
if you have any further concerns or queries, please feel free to reach out to us.
Alekhya Vaddepally 1,670 Reputation points Microsoft External Staff Moderator

2025-05-26T16:18:46.4433333+00:00

Hi bala sai,
We haven’t heard from you on the last response and was just checking back to see if you have a resolution yet. In case if you have any resolution, please do share that same with the community as it can be helpful to others. Otherwise, will respond with more details and we will try to help.
bala sai 0 Reputation points

2025-05-27T14:03:57.5+00:00

Thanks for the Quick response Alekhya, As per your note if I'm setting my minimum TLS Version to 1.2 in my app service will it goes to compliance state?
Alekhya Vaddepally 1,670 Reputation points Microsoft External Staff Moderator

2025-05-28T17:15:45.9866667+00:00

Hi bala sai, We haven’t heard from you on the last response and was just checking back to see if you have a resolution yet. In case if you have any resolution, please do share that same with the community as it can be helpful to others. Otherwise, will respond with more details and we will try to help.
Alekhya Vaddepally 1,670 Reputation points Microsoft External Staff Moderator

2025-05-30T16:20:49.5966667+00:00

Hi bala sai, We haven’t heard from you on the last response and was just checking back to see if you have a resolution yet. In case if you have any resolution, please do share that same with the community as it can be helpful to others. Otherwise, will respond with more details and we will try to help.

Answer 1

Hi bala sai,
TLS 1.2 is actually widely accepted and used as a default version for Azure App service. As long as you have set your minimum TLS version 1.2 in the Azure portal, you should complete that compliance focus.

However, some compliance initiative may look for full latest safe protocols, which is currently TLS 1.3. If the policy emphasizes the "latest version", it can flag down your app service as it does not yet support TLS 1.3, or because it is not set as a minimum version if that option is available.

You can go to your azure portal and check:

Navigate your app on service. Go to TLS/SSL Settings.-> protocol settings, ensure that the 'minimum TLS version' is set on TLS 1.2.

Keep a record of this configuration change for any compliance audit, as it shows that you are following TLS 1.2 as the minimum version.

Finally, keep an eye on the Azure update about TLS 1.3 support for app services and consider the plan to adopt it after being available in your area.
https://learn.microsoft.com/en-us/azure/app-service/overview-tls
if you have any further concerns or queries, please feel free to reach out to us.

Share via

TLS 1.2 version usage on app service

1 answer

Your answer