Control: App Service apps should use the latest TLS version
Description
Periodically, newer versions of TLS are released to address security flaws, add functionality, or improve speed. Upgrade App Service apps to the latest TLS version to take advantage of any security fixes and new functionality in that version.
Usage
Run the control in your terminal:
powerpipe control run azure_compliance.control.appservice_api_app_latest_tls_version
Snapshot and share results via Turbot Pipes:
powerpipe login
powerpipe control run azure_compliance.control.appservice_api_app_latest_tls_version --share
SQL
This control uses a named query:
with all_api_app as (
  select
    id
  from
    azure_app_service_web_app
  where
    exists (
      select
      from
        unnest(regexp_split_to_array(kind, ',')) elem
      where
        elem like '%api'
    )
)
select
  a.id as resource,
  case
    when b.id is null then 'skip'
    when configuration -> 'properties' ->> 'minTlsVersion' < '1.2' then 'alarm'
    else 'ok'
  end as status,
  case
    when b.id is null then a.title || ' is ' || a.kind || ' kind.'
    when configuration -> 'properties' ->> 'minTlsVersion' < '1.2' then a.name || ' not using the latest version of TLS encryption.'
    else a.name || ' using the latest version of TLS encryption.'
  end as reason
  , a.resource_group as resource_group
  , sub.display_name as subscription
from
  azure_app_service_web_app as a
  left join all_api_app as b on a.id = b.id,
  azure_subscription as sub
where
  sub.subscription_id = a.subscription_id;