Hi Alex and team.
Our company is using Azure application proxy for a number of mission critical apps and we like it a lot.
Thousands of our employees use it daily and it made them more productive (no more VPN).
However, there is a problem with the product.
Our security team recently found out that Azure proxy is using outdated cipher suites (CBC).
We created an incident with premier support and they were not very helpful.
After 3 months of buck passing they finally told us that they cannot fix it, since TLS is terminated on Azure LB which is shared and if they disable CBC suites, old clients (like Windows XP) may have issues accessing websites behind the proxy. We don't have any Windows XP systems, but since Azure LBs are shared between clients, other companies may have issues if they disable these cipher suites.
The problem is that if we don't fix that issue, we will have to stop using Azure proxy, which will be catastrophic since it will affect thousands of our employees who use it every single day.
Is there anything that can be done to help us? Maybe have a dedicated Azure LB per organization, or allow changing Azure proxy security settings per tenant?
Thank you very much in advance!
User Voice ticket:
https://feedback.azure.com/forums/169401-azure-active-directory/suggestions/41371765-disable-obsolete-cipher-suites-for-azure-app-proxy