> ## Documentation Index
> Fetch the complete documentation index at: https://help.dsalta.com/llms.txt
> Use this file to discover all available pages before exploring further.

# Azure Web App should use the latest TLS version

> Checks that Azure Web Apps are using the latest TLS version.

Checks that Azure Web Apps are using the latest TLS version.

## About

When you connect Microsoft Azure to DSALTA, the platform evaluates this control on every sync using read-only API access. If the requirement is not met, DSALTA activates this check.

## Why This Matters

Traffic sent over plain HTTP can be intercepted or tampered with in transit. Enforcing HTTPS with a current TLS version protects data confidentiality and integrity and is a baseline requirement for PCI DSS, SOC 2, and GDPR.

## How to Fix

**Before you begin**

* Ensure you have **Contributor** access to the Azure subscription.

**Enforce the latest TLS version**

1. Sign in to the [Azure Portal](https://portal.azure.com/) and open the resource (**Storage account** or **App Service**).
2. For storage, open **Configuration** and set **Minimum TLS version** to **1.2**.
3. For App Service, open **Configuration → General settings** and set **Minimum Inbound TLS Version** to **1.2**.
4. Save the change.

Once the minimum TLS version is enforced, DSALTA retrieves the change on the next sync and sets the check status to **Passing**.

## Frequently Asked Questions

<AccordionGroup>
  <Accordion title="How often does this check run?">
    This check runs automatically every 24 hours while the Microsoft Azure integration is connected. You can also trigger a manual sync from **Integrations** in the sidebar.
  </Accordion>

  <Accordion title="What happens if it keeps failing?">
    A failing check appears in your **Data Library → Tests** dashboard. Work through the steps above; once the underlying configuration is fixed, the status updates automatically on the next sync.
  </Accordion>

  <Accordion title="Can I exclude this check?">
    Yes. If it does not apply to your environment, mark it as **Not Applicable** with a justification. The exclusion is documented for auditors.
  </Accordion>

  <Accordion title="Does DSALTA change my Microsoft Azure configuration?">
    No. DSALTA uses **read-only API access** and never modifies, creates, or deletes resources. All remediation is performed by your team directly in Microsoft Azure.
  </Accordion>
</AccordionGroup>