I've successfully disabled the CBC-mode ciphers by changing the order of minimum TLS cipher suites for using other mode like GCM. However, it's just for the port 443 of App Services, for now not applicable to other opened ports such as the port 8172 (Web Deploy service) and the port 455 (Management), which are still using the CBC mode as the following:
Port: 8172 | Protocol: tcp
tlsv1_2:TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384
tlsv1_2:TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256
tlsv1_2:TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA
tlsv1_2:TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA
tlsv1_2:TLS_RSA_WITH_AES_256_CBC_SHA256
tlsv1_2:TLS_RSA_WITH_AES_128_CBC_SHA256
tlsv1_2:TLS_RSA_WITH_AES_256_CBC_SHA
tlsv1_2:TLS_RSA_WITH_AES_128_CBC_SHA
Port: 455 | Protocol: tcp
tlsv1_2:TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384
tlsv1_2:TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256
tlsv1_2:TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA
tlsv1_2:TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA
tlsv1_2:TLS_RSA_WITH_AES_256_CBC_SHA256
tlsv1_2:TLS_RSA_WITH_AES_128_CBC_SHA256
tlsv1_2:TLS_RSA_WITH_AES_256_CBC_SHA
tlsv1_2:TLS_RSA_WITH_AES_128_CBC_SHA
Hope that the other ports will be supported in the future.
Microsoft