App Service should use the latest version of TLS encryption


Warning: This rule will be deprecated 18 December 2023 as part of the update to Azure CIS version 2.0.0


The TLS (Transport Layer Security) protocol secures transmission of data over the internet using standard encryption technology. Encryption should be set with the latest version of TLS. App Service uses TLS 1.2 by default, which is the recommended TLS level by industry standards, such as PCI DSS.


App Service currently allows web apps to set TLS versions 1.0, 1.1 and 1.2. It is highly recommended to use the latest TLS 1.2 version for a secure connection.


From the console

  1. Login to Azure Portal using
  2. Go to App Services
  3. Click on each app
  4. Under the Settings section, click on SSL settings
  5. Under Protocol Settings, set Minimum TLS Version to 1.2

From the command line

To set TLS Version for an existing app, run the following command: az webapp config set --resource-group <RESOURCE_GROUP_NAME> --name <APP_NAME> --min-tls-version 1.2'



CIS Controls

Version 7 7 - Email and Web Browser Protections