Share via

Find all web apps and function apps that are below TLS 1.2

SR 20 Reputation points
2025-02-12T12:57:35.6566667+00:00

In Azure Advisor I have the following security advisories:

  1. TLS should be updated to the latest version for web apps
  2. TLS should be updated to the latest version for function apps

How can I get a list of all of the affected resources that are not set to TLS 1.2? I am able to view resources that aren't TLS 1.2 for storage accounts using Azure Resource Graph Explorer and the query below. Is this possible for function apps and web apps? I tried using the type "Microsoft.Web/sites" and "Microsoft.Web/sites/functions", but it only yields 0 results.

resources

| where type == "microsoft.storage/storageaccounts"

| where properties['minimumTlsVersion'] != "TLS1_2"

| project name, resourceGroup, properties.minimumTlsVersion

Azure Functions
Azure Functions
An Azure service that provides an event-driven serverless compute platform.
5,414 questions
0 comments
Accepted answer
  1. Martin Brandl 470 Reputation points MVP
    2025-02-12T13:05:45.61+00:00

    The query should work like this (not tested):

    resources
| where type == "microsoft.web/sites"
| extend tlsVersion = tostring(properties.siteConfig.minimumTlsVersion)
| where tlsVersion != "1.2"

    I can also recommend Azure Quick Review (https://github.com/Azure/azqr) which is a CLI that can also list you that ressources.

0 additional answers

Sort by: Most helpful
Most helpful Newest Oldest

Your answer

Answers can be marked as Accepted Answers by the question author, which helps users to know the answer solved the author's problem.