@Randall Breneman , Adding more info:
The setting in the Azure portal affects incoming requests. The response to those incoming requests will use the same version, as it’s the same connection.
Outbound requests (ServicePointManager.SecurityProtocol
), is actually referring to outbound connections made independently (not in response to an incoming request).
I'm afraid that assumption is not correct. The initial request decides the version, the only question is whether that request is considered incoming or outgoing from your service’s perspective.
The SecurityProtocol setting chooses the TLS version for requests you initiate. Because you can’t override the version on the response to an incoming request, your only choice is to block incoming requests not using TLS 1.2. That’s what the Azure portal setting is for, and why this has to be specified in two places to begin with.
If all of your requests start as inbound, only the Azure portal setting matters. If you’re calling out to a third-party service, from your service, then SecurityProtocol may matter.