Azure TLS Enforcement Varies by Service

• Azure services vary widely in their enforcement of the TLS 1.2 encryption protocol, which eliminates vulnerabilities of earlier protocols.
• Organizations should review the types of Azure services they have deployed and the TLS support policies for those services.
• Services could discontinue support for older protocols, which may require organizations to update or reconfigure software.

Azure offers dozens of services, and although they communicate internally using Transport Layer Security (TLS) 1.2, there is no overall standard regarding the encryption protocol they use to communicate with external applications.

TLS 1.2 Recommended, Updates May Be Required

The TLS protocol replaced Secure Sockets Layer (SSL) for encrypting network communications. SSL and versions of TLS prior to 1.2 have been found to have vulnerabilities, and it is a best practice to use TLS 1.2 or later. (TLS 1.3 is the latest version.)

Certain software, such as OSs and Web browsers, requires configuration to use TLS 1.2 or later. Windows 8 and later and Windows Server 2012 and later use TLS 1.2 by default. Applications may require code changes to work with TLS 1.2 in cases where earlier encryption protocols were expected or hard-coded.