Azure Resource Manager will stop supporting protocols older than TLS 1.2

Question

Azure Resource Manager will stop supporting protocols older than TLS 1.2

Thin Tran Van 20

Hello,

We received the following message from Microsoft Japan:

日本マイクロソフトから、
 
Subscription 1: ****
Subscription 2: ****
 
以上のサブスクリプションにおいて、TLS 1.2 未満のリクエストが多数Azure Resource Managerに対して実行されている状況のようですが、以下リンクの通り、2025年3月1日までにTLS1.2より古いプロトコルのサポートが停止される予定となっているため、未対応の場合、下記リンクを参考にAzure を呼び出すクライアントで TLS 1.2 以降が使用されるようご対応をするように、とのメッセージが届きました。
Azure Resource Manager でサポートされている TLS バージョン - Azure Resource Manager | Microsoft Learn <https://learn.microsoft.com/ja-jp/azure/azure-resource-manager/management/tls-support>

We have checked all the resources in Subscription 1 and Subscription 2, and none of them are using protocols older than TLS 1.2. The browsers we use to access the Azure Portal also do not use protocols older than TLS 1.2.

We would like to ask the following two questions:

To the extent possible, could you provide details on what kind of TLS 1.0 and/or TLS 1.1 communications were detected?
Can we assume that there is currently no issue?

Thank you.

Madugula Jahnavi 495 Reputation points Microsoft External Staff Moderator

2025-04-24T14:38:46.85+00:00

Hello Thin Tran Van, It does not provide specific connection logs or IP-level traces in these notices unless you escalate. The notifications are often automated, based on telemetry from the Azure Resource Manager (ARM) endpoint.
Thin Tran Van 20 Reputation points

2025-04-25T02:39:47.1+00:00

Hello @Madugula Jahnavi
I would like to address the two questions I raised earlier. After receiving the notification from Microsoft, we conducted a thorough review and found no resources using protocols lower than TLS 1.2.
Madugula Jahnavi 495 Reputation points Microsoft External Staff Moderator

2025-04-25T14:59:36.4066667+00:00

Got it. Can you check this MSDoc if this works for you!
Madugula Jahnavi 495 Reputation points Microsoft External Staff Moderator

2025-04-28T14:41:50.69+00:00

Thin Tran Van, We haven't heard any response from you. Could you respond with the current issue status after the above steps or doc!
Thin Tran Van 20 Reputation points

2025-04-28T14:53:45.5533333+00:00

@Madugula Jahnavi Unfortunately, this has not been helpful for us; we are still unable to identify the requests under TLS 1.2 mentioned in Microsoft's notification. Our two questions also remain unanswered.
Madugula Jahnavi 495 Reputation points Microsoft External Staff Moderator

2025-04-28T16:33:07.8666667+00:00

Thin Tran Van Ok I understand the issue. I will explore from my side and provide you some insights. Thanks for your patience!
Madugula Jahnavi 495 Reputation points Microsoft External Staff Moderator

2025-04-28T16:39:54.9366667+00:00

Thin Tran Van, Can you check and confirm if any new resources or any third party connections are there which is using older TLS?
Thin Tran Van 20 Reputation points

2025-04-28T16:46:07.3366667+00:00

@Madugula Jahnavi We have reviewed all resources and connections but did not detect any requests using TLS versions lower than 1.2. Therefore, we are creating this Q&A to seek support.
SadiqhAhmed-MSFT 48,811 Reputation points Microsoft Employee Moderator

2025-05-05T16:54:53.75+00:00

@Thin Tran Van Sorry for the inconvenience caused to you!

Did you receive this message as an email or as Azure Advisor notification?

It appears that many requests below TLS 1.2 are being made to Azure Resource Manager in the above subscriptions. However, as per the link below, support for protocols older than TLS 1.2 is scheduled to end by March 1, 2025. If you have not done so, we have received a message stating that you should refer to the link below and take action to ensure that clients calling Azure use TLS 1.2 or later.

TLS versions supported by Azure Resource Manager - Azure Resource Manager | Microsoft Learn <https://learn.microsoft.com/ja-jp/azure/azure-resource-manager/management/tls-support>

Could you please ensure, you are on top of these recommendations?

MS doc URL: https://learn.microsoft.com/ja-jp/azure/azure-resource-manager/management/tls-support#prepare-for-migration-to-tls-12
Thin Tran Van 20 Reputation points

2025-05-05T17:04:15.13+00:00

@SadiqhAhmed-MSFT Our customer received a notification via email in February. As mentioned above, we have checked all resources but did not detect any requests using a protocol below TLS 1.2. Could you please address my two questions?
SadiqhAhmed-MSFT 48,811 Reputation points Microsoft Employee Moderator

2025-05-06T16:04:48.2233333+00:00

@Thin Tran Van CIL!

To the extent possible, could you provide details on what kind of TLS 1.0 and/or TLS 1.1 communications were detected?
This can be better answered by the engineering team.

Can we assume that there is currently no issue?
As long as you are on TLS 1.2, there shouldn't be any issues.
Thin Tran Van 20 Reputation points

2025-05-07T01:46:18.0933333+00:00

Thank you, @SadiqhAhmed-MSFT
How can I contact the engineering team?
SadiqhAhmed-MSFT 48,811 Reputation points Microsoft Employee Moderator

2025-05-09T21:30:46.39+00:00

@Thin Tran Van Through support request.

1 answer

Your answer

Madugula Jahnavi 495 Reputation points Microsoft External Staff Moderator

2025-04-24T14:38:46.85+00:00

Hello Thin Tran Van, It does not provide specific connection logs or IP-level traces in these notices unless you escalate. The notifications are often automated, based on telemetry from the Azure Resource Manager (ARM) endpoint.
Thin Tran Van 20 Reputation points

2025-04-25T02:39:47.1+00:00

Hello @Madugula Jahnavi
I would like to address the two questions I raised earlier. After receiving the notification from Microsoft, we conducted a thorough review and found no resources using protocols lower than TLS 1.2.
Madugula Jahnavi 495 Reputation points Microsoft External Staff Moderator

2025-04-25T14:59:36.4066667+00:00

Got it. Can you check this MSDoc if this works for you!
Madugula Jahnavi 495 Reputation points Microsoft External Staff Moderator

2025-04-28T14:41:50.69+00:00

Thin Tran Van, We haven't heard any response from you. Could you respond with the current issue status after the above steps or doc!
Thin Tran Van 20 Reputation points

2025-04-28T14:53:45.5533333+00:00

@Madugula Jahnavi Unfortunately, this has not been helpful for us; we are still unable to identify the requests under TLS 1.2 mentioned in Microsoft's notification. Our two questions also remain unanswered.
Madugula Jahnavi 495 Reputation points Microsoft External Staff Moderator

2025-04-28T16:33:07.8666667+00:00

Thin Tran Van Ok I understand the issue. I will explore from my side and provide you some insights. Thanks for your patience!
Madugula Jahnavi 495 Reputation points Microsoft External Staff Moderator

2025-04-28T16:39:54.9366667+00:00

Thin Tran Van, Can you check and confirm if any new resources or any third party connections are there which is using older TLS?
Thin Tran Van 20 Reputation points

2025-04-28T16:46:07.3366667+00:00

@Madugula Jahnavi We have reviewed all resources and connections but did not detect any requests using TLS versions lower than 1.2. Therefore, we are creating this Q&A to seek support.
SadiqhAhmed-MSFT 48,811 Reputation points Microsoft Employee Moderator

2025-05-05T16:54:53.75+00:00

@Thin Tran Van Sorry for the inconvenience caused to you!

Did you receive this message as an email or as Azure Advisor notification?

It appears that many requests below TLS 1.2 are being made to Azure Resource Manager in the above subscriptions. However, as per the link below, support for protocols older than TLS 1.2 is scheduled to end by March 1, 2025. If you have not done so, we have received a message stating that you should refer to the link below and take action to ensure that clients calling Azure use TLS 1.2 or later.

TLS versions supported by Azure Resource Manager - Azure Resource Manager | Microsoft Learn <https://learn.microsoft.com/ja-jp/azure/azure-resource-manager/management/tls-support>

Could you please ensure, you are on top of these recommendations?

MS doc URL: https://learn.microsoft.com/ja-jp/azure/azure-resource-manager/management/tls-support#prepare-for-migration-to-tls-12
Thin Tran Van 20 Reputation points

2025-05-05T17:04:15.13+00:00

@SadiqhAhmed-MSFT Our customer received a notification via email in February. As mentioned above, we have checked all resources but did not detect any requests using a protocol below TLS 1.2. Could you please address my two questions?
SadiqhAhmed-MSFT 48,811 Reputation points Microsoft Employee Moderator

2025-05-06T16:04:48.2233333+00:00

@Thin Tran Van CIL!

To the extent possible, could you provide details on what kind of TLS 1.0 and/or TLS 1.1 communications were detected?
This can be better answered by the engineering team.

Can we assume that there is currently no issue?
As long as you are on TLS 1.2, there shouldn't be any issues.
Thin Tran Van 20 Reputation points

2025-05-07T01:46:18.0933333+00:00

Thank you, @SadiqhAhmed-MSFT
How can I contact the engineering team?
SadiqhAhmed-MSFT 48,811 Reputation points Microsoft Employee Moderator

2025-05-09T21:30:46.39+00:00

@Thin Tran Van Through support request.

Answer 1

Based on the information provided, here’s how you can address the situation:

Details on TLS 1.0 and TLS 1.1 Communications:

Azure Resource Manager logs may provide insights into the specific requests using older TLS protocols. You can enable diagnostic settings for Azure Resource Manager to capture detailed logs and analyze them for any occurrences of TLS 1.0 or 1.1 communications.

  Check if any legacy applications, scripts, or integrations are making API calls to Azure Resource Manager. These might be hardcoded to use older TLS versions.
  
     If you’re unable to identify the source, consider reaching out to Microsoft Support for a detailed analysis of the detected communications.
     
     **Assuming There’s No Issue**:
     
        If you’ve verified that all resources and browsers are configured to use TLS 1.2 or later, and no legacy systems are in use, it’s likely that there’s no immediate issue on your end.
        
           However, to ensure compliance and avoid disruptions, it’s recommended to monitor logs and confirm that all clients interacting with Azure are indeed using TLS 1.2 or higher.

For further guidance, you can refer to the Azure Resource Manager TLS support documentation or explore tools and methods to identify resources using older TLS versions, as outlined here.

Share via

Azure Resource Manager will stop supporting protocols older than TLS 1.2

1 answer

Your answer