Messaging on Azure Blog

Policy to control the minimum TLS version used with Azure Service Bus now in public preview

EldertGrootenboer
Apr 26, 2022

Communication between a client application and an Azure Service Bus namespace is encrypted using Transport Layer Security (TLS). TLS is a standard cryptographic protocol that ensures privacy and data integrity between clients and services over the Internet. For more information about TLS, see Transport Layer Security.

Azure Service Bus now supports setting a minimum TLS version per namespace. Currently Azure Service Bus negotiates TLS 1.2 on public endpoints by default, but TLS 1.0 and TLS 1.1 are still accepted for backward compatibility.


Azure Service Bus namespaces permit clients to send and receive data with TLS 1.0 and above. To enforce stricter security measures, you can configure your Service Bus namespace to require that clients send and receive data with a newer version of TLS. If a Service Bus namespace requires a minimum version of TLS, then any requests made with an older version will fail.

To learn more, see Enforce a minimum required version of Transport Layer Security (TLS) for requests to a Service Bus namespace.
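Until an Azure Policy alias is available, the floor can still be audited in infrastructure code. The following is an added example (not Microsoft's code) that scans an exported ARM template for Service Bus namespaces whose minimum TLS version is missing or below 1.2; it assumes the namespace property is `properties.minimumTlsVersion` with string values such as "1.0", "1.1", "1.2", and the template content is constructed.

```python
"""Audit an ARM template for Service Bus namespaces that would still
accept TLS below a required floor (added example, not Microsoft's code).
Assumes the namespace property is properties.minimumTlsVersion."""
import json

REQUIRED = "1.2"

# Constructed sample template: three namespaces plus one child resource.
SAMPLE_TEMPLATE = json.dumps({
    "resources": [
        {"type": "Microsoft.ServiceBus/namespaces", "name": "sb-legacy",
         "properties": {"minimumTlsVersion": "1.0"}},
        {"type": "Microsoft.ServiceBus/namespaces", "name": "sb-hardened",
         "properties": {"minimumTlsVersion": "1.2"}},
        {"type": "Microsoft.ServiceBus/namespaces", "name": "sb-default",
         "properties": {}},
        {"type": "Microsoft.ServiceBus/namespaces/queues",
         "name": "sb-hardened/q1", "properties": {}},
    ]
})


def tls_tuple(version: str) -> tuple:
    """'1.2' -> (1, 2) so versions compare numerically, not as strings."""
    return tuple(int(part) for part in version.split("."))


def audit_namespaces(template_json: str, required: str = REQUIRED) -> list:
    """Return (namespace, finding) pairs for namespaces below `required`.
    A missing property is reported too: the service default may change,
    so the floor should be explicit in the template."""
    findings = []
    for res in json.loads(template_json).get("resources", []):
        if res.get("type", "").lower() != "microsoft.servicebus/namespaces":
            continue  # queues/topics carry no TLS setting of their own
        name = res.get("name", "<unnamed>")
        configured = res.get("properties", {}).get("minimumTlsVersion")
        if configured is None:
            findings.append((name, "minimumTlsVersion not set"))
        elif tls_tuple(configured) < tls_tuple(required):
            findings.append((name, f"minimumTlsVersion {configured} < {required}"))
    return findings


if __name__ == "__main__":
    for ns, problem in audit_namespaces(SAMPLE_TEMPLATE):
        print(f"{ns}: {problem}")
```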


1 Comment

  • I think the policy to audit or control the TLS setting is still not available. If you try it, you will get an error like:


    autorest/azure: Service returned an error. Status=400 Code="InvalidPolicyAlias" Message="The policy definition 'gartner-governance-pd-0112' rule is invalid. The 'field' property 'Microsoft.ServiceBus/namespaces/minimumTlsVersion' of the policy rule doesn't exist as an alias under provider 'Microsoft.ServiceBus' and resource type 'namespaces'. The supported aliases are 'Microsoft.ServiceBus/namespaces/sku.name; Microsoft.ServiceBus/namespaces/sku.tier; Microsoft.ServiceBus/namespaces/sku.capacity; Microsoft.ServiceBus/namespaces/sku; Microsoft.ServiceBus/namespaces/provisioningState; Microsoft.ServiceBus/namespaces/createdAt; Microsoft.ServiceBus/namespaces/updatedAt; Microsoft.ServiceBus/namespaces/serviceBusEndpoint; Microsoft.ServiceBus/namespaces/metricId; Microsoft.ServiceBus/namespaces/zoneRedundant; Microsoft.ServiceBus/namespaces/status; Microsoft.ServiceBus/namespaces/createACSNamespace; Microsoft.ServiceBus/namespaces/enabled; Microsoft.ServiceBus/namespaces/identity.principalId; Microsoft.ServiceBus/namespaces/identity.tenantId; Microsoft.ServiceBus/namespaces/identity.type; Microsoft.ServiceBus/namespaces/identity;


    I got confirmation from Microsoft support that this is not supported yet. Hence they are going to update the documentation properly. So probably we will wait until we get official support from Azure Policy.