Commit b26f8b6

Merge pull request #264147 from spelluru/egridtls0124
min TLS for an event subscription
2 parents 8af0a55 + c5478ae commit b26f8b6

3 files changed

+23
-11
lines changed


articles/event-grid/transport-layer-security-configure-minimum-version.md

Lines changed: 14 additions & 4 deletions
@@ -12,23 +12,25 @@ ms.date: 01/24/2024
1212

1313
Azure Event Grid topics or domains permit clients to send and receive data with TLS 1.0 and above. To enforce stricter security measures, you can configure your Event Grid topic or domain to require that clients send and receive data with a newer version of TLS. If an Event Grid topic or domain requires a minimum version of TLS, then any requests made with an older version fail. For conceptual information about this feature, see [Enforce a minimum required version of Transport Layer Security (TLS) for requests to an Event Grid topic or domain](transport-layer-security-enforce-minimum-version.md).
1414

15+
When creating a Web Hook event subscription, you can configure it to use the same TLS version as the topic or explicitly specify the minimum TLS version. If you do so, Event Grid fails to deliver events to a Web Hook that doesn't support the minimum version of TLS or higher.
16+
1517
You can configure the minimum TLS version using the Azure portal or Azure Resource Manager (ARM) template.
1618

1719
> [!NOTE]
1820
> The screenshots and the sample Resource Manager templates are for Event Grid topics. The screenshots and template for domains are similar.
1921
20-
## Specify the minimum TLS version in the Azure portal
21-
You can specify the minimum TLS version when creating an Event Grid topic or a domain in the Azure portal on the **Security** tab.
22+
## Configure minimum TLS version for a topic or a domain in the Azure portal
23+
You can specify the minimum TLS version when creating an Event Grid topic or a domain in the Azure portal on the **Security** tab. The screenshots are for an Event Grid topic and the user interface for configuring this property for a domain is similar.
2224

2325
:::image type="content" source="./media/transport-layer-security-configure-minimum-version/create-topic-tls.png" alt-text="Screenshot showing the page to set the minimum TLS version when creating an Event Grid topic.":::
2426

2527
You can also specify the minimum TLS version for an existing topic on the **Configuration** page.
2628

2729
:::image type="content" source="./media/transport-layer-security-configure-minimum-version/existing-topic-tls.png" alt-text="Screenshot showing the page to set the minimum TLS version for an existing Event Grid topic.":::
2830

29-
## Create a template to configure the minimum TLS version
31+
## Configure minimum TLS version for a topic or a domain using Resource Manager template
3032

31-
To configure the minimum TLS version for an Event Grid topic or domain with a template, create a template with the `MinimumTlsVersion` property set to 1.0, 1.1, or 1.2. When you create an Event Grid topic or domain with an Azure Resource Manager template, the `MinimumTlsVersion` property is set to 1.2 by default, unless explicitly set to another version.
33+
To configure the minimum TLS version for an Event Grid topic or domain with a template, create a template with the `MinimumTlsVersion` property set to 1.0, 1.1, or 1.2. When you create an Event Grid topic or domain with an Azure Resource Manager template, the `MinimumTlsVersion` property is set to 1.2 by default, unless explicitly set to another version The sample template in this article is for an Event Grid topic and the template for configuring the TLS version for a domain is similar.
3234

3335
The following steps describe how to create a template in the Azure portal.
3436
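
Review bot: The added line 33 is missing a period: "unless explicitly set to another version The sample template in this article..." runs two sentences together. The sentences added at lines 23 and 33 about topics versus domains also repeat the NOTE at lines 19-20, which already says the screenshots and sample templates are for topics and that domains are similar; keep the NOTE or the new sentences, not both. In the new paragraph at line 15, "If you do so" is ambiguous because it follows two options (inherit from the topic, or set explicitly); state that delivery fails whenever the Web Hook endpoint cannot negotiate the effective minimum version. The new heading at line 31 needs an article: "using a Resource Manager template".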

@@ -68,6 +70,14 @@ The following steps describe how to create a template in the Azure portal.
6870
> After you update the minimum TLS version for the Event Grid topic or domain, it may take up to 30 seconds before the change is fully propagated.
6971

7072

73+
## Configure minimum TLS version for a Web Hook event subscription
74+
When creating a Web Hook event subscription, you can configure it to use the same TLS version as the topic or explicitly specify the minimum TLS version.
75+
76+
:::image type="content" source="./media/transport-layer-security-configure-minimum-version/create-subscription-tls-settings.png" alt-text="Screenshot showing the page to set the minimum TLS version when creating an event subscription to an Event Grid topic.":::
77+
78+
For an existing Web Hook event subscription, navigate to the **Event Subscription** page and then you can update the TLS setting on the **Additional features** tab. By default, the event subscription uses the same TLS version as the topic.
79+
80+
7181
## Next steps
7282

7383
For more information, see the following article: [Enforce a minimum required version of Transport Layer Security (TLS) for requests to an Event Grid topic or domain](transport-layer-security-enforce-minimum-version.md).
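
Review bot: The new section at lines 73-78 covers only the portal for a Web Hook event subscription, while line 17 of the same article says the minimum TLS version can be configured "using the Azure portal or Azure Resource Manager (ARM) template"; either document the template setting for event subscriptions or scope that sentence to topics and domains. Line 74 repeats the first sentence of line 15 but drops the consequence (delivery fails to a Web Hook that doesn't support the minimum version), which is what a reader needs next to the setting. The existing-subscription step at line 78 has no screenshot of the **Additional features** tab, unlike the other steps on the page. The Next steps link text at line 83 still reads "for requests to an Event Grid topic or domain" although this commit retitles that article to include subscriptions. Lines 79-80 add two blank lines before the heading; one is enough.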

articles/event-grid/transport-layer-security-enforce-minimum-version.md

Lines changed: 9 additions & 7 deletions
@@ -1,20 +1,22 @@
11
---
2-
title: Enforce a minimum TLS version for requests to an Azure Event Grid topic or domain
3-
description: Configure an Azure Event Grid topic or domain to require a minimum version of Transport Layer Security (TLS) for clients making requests against the topic or domain.
2+
title: Enforce a minimum TLS version for requests to an Azure Event Grid topic, domain, or subscription
3+
description: Configure an Azure Event Grid topic or domain to require a minimum version of Transport Layer Security (TLS) for clients making requests against the topic, domain, or subscription.
44
ms.service: event-grid
5-
ms.topic: conceptual
5+
ms.topic: how-to
66
ms.date: 01/22/2024
77
ms.author: spelluru
88
author: spelluru
99
---
1010

11-
# Enforce a minimum required version of Transport Layer Security (TLS) for requests to an Event Grid topic or domain
11+
# Enforce a minimum required version of Transport Layer Security (TLS) for an Event Grid topic, domain, or subscription
1212

13-
Communication between a client application and an Azure Grid topic or domain is encrypted using Transport Layer Security (TLS). TLS is a standard cryptographic protocol that ensures privacy and data integrity between clients and services over the Internet. For more information about TLS, see [Transport Layer Security](https://datatracker.ietf.org/wg/tls/about/).
13+
Communication between a client application and an Azure Grid topic, domain, or subscription is encrypted using Transport Layer Security (TLS). For information about TLS in general, see [Transport Layer Security](https://datatracker.ietf.org/wg/tls/about/).
1414

15-
Azure Event Grid supports choosing a specific TLS version for topics or domains. Currently Azure Event Grid uses TLS 1.2 on public endpoints by default, but TLS 1.0 and TLS 1.1 are still supported for backward compatibility.
15+
Azure Event Grid supports choosing a specific TLS version for topics, domains, or subscriptions (when using a Web Hook destination). Currently Azure Event Grid uses TLS 1.2 on public endpoints by default, but TLS 1.0 and TLS 1.1 are still supported for backward compatibility.
1616

17-
Azure Event Grid topics or domains permit clients to send and receive data with TLS 1.0 and above. To enforce stricter security measures, you can configure your Event Grid topic or domain to require that clients send and receive data with a newer version of TLS. If an Event Grid topic or domain requires a minimum version of TLS, then any requests made with an older version fail.
17+
Azure Event Grid topics or domains permit clients to send and receive data with TLS 1.0 and above. To enforce stricter security measures, you can configure your Event Grid topic or domain to require that clients send and receive data with a newer version of TLS. If an Event Grid topic or domain requires a minimum version of TLS, then any requests made with an older version fail.
18+
19+
When creating a Web Hook event subscription, you can configure it to use the same TLS version as the topic or explicitly specify the minimum TLS version. If you do so, Event Grid will fail to deliver events to a Web Hook that doesn't support the minimum version of TLS or above.
1820

1921
> [!IMPORTANT]
2022
> If the client is a service, ensure that the service uses the appropriate version of TLS to send requests to Event Grid before you set the required minimum version for an Event Grid topic or domain.
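
Review bot: The new description at line 3 and the intro at line 13 speak of clients "making requests against the topic, domain, or subscription", but according to line 19 the subscription setting governs Event Grid's delivery of events to a Web Hook, not inbound client requests; reword both so the direction is correct, and note that the description still begins "Configure an Azure Event Grid topic or domain" while ending with "or subscription". The change of `ms.topic` to `how-to` at line 5 does not match the content, which has no steps, and the configure article links to this page "For conceptual information about this feature"; keep it `conceptual`. Line 13 carries over "Azure Grid topic", which should be "Azure Event Grid topic". Line 19 says "will fail ... or above" where the same sentence in the configure article says "fails ... or higher"; use one wording in both. The IMPORTANT note at lines 21-22 covers only topics and domains; add the equivalent check for subscriptions, that is, confirm the Web Hook endpoint supports the chosen TLS version before setting it.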
