Triage and Remediation
Remediation
Using Console
To remediate the “Configure Minimum TLS Version” misconfiguration in Azure using the Azure console, follow these steps:
- Log in to the Azure portal.
- Navigate to the resource group containing the affected resource.
- Select the resource that needs to be remediated.
- Click on the “Networking” tab in the left-hand menu.
- Scroll down to the “SSL/TLS settings” section and click on “Edit”.
- In the “Minimum TLS version” dropdown, select the desired minimum version of TLS that should be used.
- Click on “Save” to apply the changes.
- Verify that the changes have been applied by running a scan or checking the security compliance report.
Using CLI
To remediate the “Configure Minimum TLS Version” misconfiguration in Azure using the Azure CLI, follow these steps:
- Open the Azure CLI and log in to your Azure account.
- Set the minimum TLS version to 1.2 for all web apps in your subscription using the az webapp config set command. The --ids parameter takes the list of all web app IDs in your subscription, obtained from the az webapp list command, and passes them to az webapp config set.
- Verify that the minimum TLS version has been set correctly by using the az webapp config show command to display the minimum TLS version for all web apps in your subscription.
- Repeat the above steps for all web apps in your subscription to ensure that the minimum TLS version is set correctly for each app.
Using Python
To remediate the “Configure Minimum TLS Version” misconfiguration in Azure using Python, follow these steps:
- Import the necessary libraries:
- Set the credentials for your Azure account using ServicePrincipalCredentials:
- Create a WebSiteManagementClient object using the credentials:
- Get the resource group name and app service name for the app you want to remediate:
- Get the current TLS version settings for the app:
- Check if the current TLS version is less than the desired version (e.g. TLS 1.2):
- If the current TLS version is less than the desired version, update the app settings to set the minimum TLS version to TLS 1.2.
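The check-and-update steps above, written out as an added example (not code from the original page). It assumes `client` is the WebSiteManagementClient built in the earlier steps and uses its `web_apps.get_configuration` / `web_apps.update_configuration` calls and the `min_tls_version` setting; `remediate_min_tls`, `tls_tuple` and the in-memory `FakeWebApps` stand-in are hypothetical names so the logic runs offline.

```python
from types import SimpleNamespace

DESIRED_MIN_TLS = "1.2"

def tls_tuple(version):
    """'1.2' -> (1, 2). An unset value sorts lowest so it gets remediated."""
    if not version:
        return (0, 0)
    return tuple(int(p) for p in str(version).split("."))

def remediate_min_tls(client, resource_group, app_name,
                      desired=DESIRED_MIN_TLS, dry_run=False):
    """Raise the app's minimum TLS version to `desired`; never lower it."""
    web_apps = client.web_apps
    config = web_apps.get_configuration(resource_group, app_name)
    previous = config.min_tls_version
    result = {"app": app_name, "previous": previous, "action": "none"}
    if tls_tuple(previous) >= tls_tuple(desired):
        return result                      # already compliant
    if dry_run:
        result["action"] = "would_update"  # report only, change nothing
        return result
    config.min_tls_version = desired
    web_apps.update_configuration(resource_group, app_name, config)
    # Read the setting back instead of trusting the update call.
    applied = web_apps.get_configuration(resource_group, app_name).min_tls_version
    if tls_tuple(applied) < tls_tuple(desired):
        raise RuntimeError(f"{app_name}: minimum TLS still {applied}")
    result["action"] = "updated"
    return result

class FakeWebApps:
    """Constructed in-memory stand-in for client.web_apps (offline demo only)."""
    def __init__(self, versions):
        self.versions = dict(versions)     # (resource_group, app) -> min TLS
    def get_configuration(self, resource_group, name):
        return SimpleNamespace(min_tls_version=self.versions[(resource_group, name)])
    def update_configuration(self, resource_group, name, site_config):
        self.versions[(resource_group, name)] = site_config.min_tls_version

if __name__ == "__main__":
    # Constructed sample data: one app below the baseline, one above it.
    apps = {("rg-demo", "legacy-app"): "1.0", ("rg-demo", "new-app"): "1.3"}
    client = SimpleNamespace(web_apps=FakeWebApps(apps))
    for rg, name in apps:
        print(remediate_min_tls(client, rg, name))
```

Versions are compared as numeric tuples, so an app already set above the desired version is left alone and an unset value is treated as non-compliant.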