Note
Access to this page requires authorization. You can try signing in or changing directories.
Access to this page requires authorization. You can try changing directories.
Applies to: ✔️ Front Door Standard ✔️ Front Door Premium
Azure Front Door Standard and Premium offer two mechanisms for controlling TLS policy. You can use either a predefined policy or a custom policy per your own needs. If you use Azure Front Door (classic) and Microsoft CDN (classic), you'll continue to use the minimum TLS 1.2 version.
Azure Front Door offers several predefined TLS policies. You can configure your AFD with any of these policies to get the appropriate level of security. These predefined policies are configured keeping in mind the best practices and recommendations from the Microsoft Security team. We recommend that you use the newest TLS policies to ensure the best TLS security.
If a TLS policy needs to be configured for your own business and security requirements, you can use a Custom TLS policy. With a custom TLS policy, you have complete control over the minimum TLS protocol version to support, and the supported cipher suites.
In this article, you learn how to configure TLS policy on a Front Door custom ___domain.
Prerequisites
- A Front Door. For more information, see Quickstart: Create a Front Door using the Azure portal.
- A custom ___domain. If you don't have a custom ___domain, you must first purchase one from a ___domain provider. For more information, see Buy a custom ___domain name.
- If you're using Azure to host your DNS domains, you must delegate the ___domain provider's ___domain name system (DNS) to an Azure DNS. For more information, see Delegate a ___domain to Azure DNS. Otherwise, if you're using a ___domain provider to handle your DNS ___domain, see Create a CNAME DNS record.
Configure TLS policy
Go to your Azure Front Door profile that you want to configure the TLS policy for.
Under Settings, select Domains . Then select + Add to add a new ___domain.
On the Add a ___domain page, follow the instructions in Configure a custom ___domain on Azure Front Door and Configure HTTPS on an Azure Front Door custom ___domain to configure the ___domain.
For TLS policy, select the predefined policy from the dropdown list or Custom to customize the cipher suites per your needs.
You can view the supported cipher suites by selecting View policy details.
When you select Custom, you can choose the Minimum TLS version and the corresponding cipher suites by selecting Select cipher suites.
Note
You can reuse the custom TLS policy setting from other domains in the portal by selecting the ___domain in Reuse setting from other ___domain.
Select Add to add the ___domain.
Verify TLS policy configurations
View the supported cipher suite of your ___domain via www.ssllabs.com/ssltest or use the sslscan tool.