Regional endpoints only support TLS 1.2

toddfoust · web-flow · commit 98a59f02f897 · 2022-12-09T16:21:21.000-05:00
As Breeze 2.0 rolls out the regional endpoints will only support TLS 1.2 clients. We need to get this documented, similar to how we documented this for Live Metrics endpoint. As part of this change, adding a column to the IP list table that helps customers identify which of those endpoints are considered 'global' versus being 'regional'.
diff --git a/articles/azure-monitor/app/ip-addresses.md b/articles/azure-monitor/app/ip-addresses.md
@@ -21,17 +21,22 @@ Alternatively, you can subscribe to this page as an RSS feed by adding https://g
 
 You need to open some outgoing ports in your server's firewall to allow the Application Insights SDK or Status Monitor to send data to the portal.
 
-| Purpose | URL | IP | Ports |
-| --- | --- | --- | --- |
-| Telemetry | dc.applicationinsights.azure.com<br/>dc.applicationinsights.microsoft.com<br/>dc.services.visualstudio.com<br/>*.in.applicationinsights.azure.com<br/><br/> || 443 |
-| Live Metrics | live.applicationinsights.azure.com<br/>rt.applicationinsights.microsoft.com<br/>rt.services.visualstudio.com<br/><br/>{region}.livediagnostics.monitor.azure.com<br/><br/>*Example for {region}: westus2<br/>Find all supported regions in [this table](#addresses-grouped-by-region-azure-public-cloud).*|20.49.111.32/29<br/>13.73.253.112/29| 443 |
+| Purpose | URL | Type |  IP | Ports |
+| --- | --- | --- | --- | --- |
+| Telemetry | dc.applicationinsights.azure.com<br/>dc.applicationinsights.microsoft.com<br/>dc.services.visualstudio.com<br/>\*.in.applicationinsights.azure.com<br/><br/> |Global<br/>Global<br/>Global<br/>Regional<br/>|| 443 |
+| Live Metrics | live.applicationinsights.azure.com<br/>rt.applicationinsights.microsoft.com<br/>rt.services.visualstudio.com<br/><br/>{region}.livediagnostics.monitor.azure.com<br/><br/>*Example for {region}: westus2<br/>Find all supported regions in [this table](#addresses-grouped-by-region-azure-public-cloud).*|Global<br/>Global<br/>Global<br/><br/>Regional<br/>|20.49.111.32/29<br/>13.73.253.112/29| 443 |
 
 > [!IMPORTANT]
 > For Live Metrics, it is *required* to add the list of IPs for the respective region aside from global IPs.
 
 > [!NOTE]
 > These addresses are listed by using Classless Interdomain Routing notation. As an example, an entry like `51.144.56.112/28` is equivalent to 16 IPs that start at `51.144.56.112` and end at `51.144.56.127`.
 
+> [!NOTE]
+> Application Insights connection-string based telemetry ingestion regional endpoints only support TLS 1.2. Telemetry global endpoints continue to support TLS 1.0 and TLS 1.1.
+> 
+> As described in the [Azure TLS 1.2 migration announcement](https://azure.microsoft.com/updates/azuretls12/), Application Insights regional endpoints only support TLS 1.2. If you're using an older version of TLS, Application Insights will not ingest any telemetry. For applications based on .NET Framework see [Transport Layer Security (TLS) best practices with the .NET Framework](https://learn.microsoft.com/dotnet/framework/network-programming/tls) to support the newer TLS version.
+
 ## Status Monitor
 
 Status Monitor configuration is needed only when you're making changes.
