webhook enablement error

Gupta, Garima 20 Reputation points
2024-07-26T04:54:37.5533333+00:00

Hi, we have enabled Defender at the blob storage level. We have assigned Event Grid to capture the Defender results in case of malware detection. We want to attach a webhook to the Event Grid subscription to notify the malware errors in the API. It throws the error "MinimumTLS version is not supported by webhook endpoint".

Please help.

Azure Blob Storage
An Azure service that stores unstructured data in the cloud as blobs.
Microsoft Defender for Cloud
An Azure service that provides threat protection for workloads running in Azure, on-premises, and in other clouds. Previously known as Azure Security Center and Azure Defender.

2 answers

  1. Amrinder Singh 4,995 Reputation points Microsoft Employee
    2024-07-26T05:42:05.4766667+00:00

    Hi Gupta, Garima - Thanks for reaching out over Q&A Forum.

    Azure Event Grid supports choosing a specific TLS version for topics, domains, or subscriptions (when using a Web Hook destination). Although TLS 1.2 is selected by default, TLS 1.0 and 1.1 are also supported for backward compatibility.

    When creating a Web Hook event subscription, you can configure it to use the same TLS version as the topic or explicitly specify the minimum TLS version. If you do so, Event Grid will fail to deliver events to a Web Hook that doesn't support the minimum version of TLS or above.

    https://learn.microsoft.com/en-us/azure/event-grid/transport-layer-security-enforce-minimum-version

    https://learn.microsoft.com/en-us/azure/event-grid/transport-layer-security-configure-minimum-version

    Can you please verify the TLS version you have configured and then test ahead accordingly?

    Hope that helps!

    Please let me know if there are any further queries/concerns, will be glad to assist.


    Please do not forget to "Accept the answer" and "up-vote" wherever the information provided helps you; this can be beneficial to other community members.


  2. Nehruji R 4,846 Reputation points Microsoft Vendor
    2024-07-29T05:26:01.8533333+00:00

    Hello Gupta, Garima,

    Greetings! Welcome to Microsoft Q&A Platform.

    I understand that you’re encountering an issue with the TLS version supported by your webhook endpoint. Azure Event Grid topics or domains permit clients to send and receive data with TLS 1.0 and above. To enforce stricter security measures, you can configure your Event Grid topic or domain to require that clients send and receive data with a newer version of TLS. If an Event Grid topic or domain requires a minimum version of TLS, then any requests made with an older version fail. For conceptual information about this feature, see Enforce a minimum required version of Transport Layer Security (TLS) for requests to an Event Grid topic or domain.

    When creating a Web Hook event subscription, you can configure it to use the same TLS version as the topic or explicitly specify the minimum TLS version. If you do so, Event Grid fails to deliver events to a Web Hook that doesn't support the minimum version of TLS or higher.

    Try to perform the endpoint validation and for more details you can refer to this document and ensure that your webhook endpoint is using a valid certificate from a trusted Certificate Authority (CA). Self-signed certificates are not supported for webhook validation.

    Similar thread for reference - https://stackoverflow.com/questions/69556360/creating-azure-event-grid-webhook-subscription-fails-tls-handshake.

    Hope this information helps! Please let us know if you have any further queries. I’m happy to assist you further.


    Please "Accept the answer" and "up-vote" wherever the information provided helps you; this can be beneficial to other community members.
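
Both answers come down to two properties of the webhook endpoint: it must negotiate at least the subscription's minimum TLS version, and it must present a certificate from a trusted CA. The following is an added example, not code from either answer or from Microsoft: a client-side check that attempts a handshake under those same constraints. The function name `check_webhook_tls` and the host `webhook.example.com` are hypothetical, and the check only approximates Event Grid's own delivery handshake.

```python
import socket
import ssl
import sys

# Minimum-TLS values mentioned in the answers, mapped to Python's enum.
# (Selecting 1.0 or 1.1 may emit a DeprecationWarning on recent Pythons.)
TLS_VERSIONS = {
    "1.0": ssl.TLSVersion.TLSv1,
    "1.1": ssl.TLSVersion.TLSv1_1,
    "1.2": ssl.TLSVersion.TLSv1_2,
}


def check_webhook_tls(host, port=443, minimum="1.2", timeout=5.0):
    """Handshake as a strict client would: refuse anything below `minimum`
    and require a CA-trusted certificate that matches `host`.

    Returns (ok, detail); detail is the negotiated version or the failure.
    """
    ctx = ssl.create_default_context()      # verifies chain and hostname
    ctx.minimum_version = TLS_VERSIONS[minimum]
    try:
        with socket.create_connection((host, port), timeout=timeout) as raw:
            with ctx.wrap_socket(raw, server_hostname=host) as tls:
                return True, tls.version()  # e.g. "TLSv1.2" or "TLSv1.3"
    except ssl.SSLCertVerificationError as exc:
        # Self-signed or untrusted chain, expired cert, or hostname mismatch.
        return False, f"certificate rejected: {exc.verify_message}"
    except ssl.SSLError as exc:
        # Typically: the endpoint only offers versions below `minimum`.
        return False, f"handshake failed: {exc.reason}"
    except OSError as exc:
        return False, f"connection failed: {exc}"


if __name__ == "__main__":
    # Usage: python check_tls.py <host> [minimum]; the host is a placeholder.
    target = sys.argv[1] if len(sys.argv) > 1 else "webhook.example.com"
    floor = sys.argv[2] if len(sys.argv) > 2 else "1.2"
    ok, detail = check_webhook_tls(target, minimum=floor)
    print(f"{target}: {'OK' if ok else 'FAIL'} ({detail})")
    sys.exit(0 if ok else 1)
```

A "handshake failed" result with `minimum="1.2"` points at the endpoint's TLS configuration, while "certificate rejected" points at the certificate chain rather than the TLS version.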
