Merge pull request #244736 from SnehaSudhirG/12July-TLSprotocolDocUpdate

added a new section and kusto info

Author: ttorble

articles/automation/automation-managing-data.md

@@ -3,7 +3,7 @@ title: Azure Automation data security
 description: This article helps you learn how Azure Automation protects your privacy and secures your data.
 services: automation
 ms.subservice: shared-capabilities
-ms.date: 05/26/2023
+ms.date: 08/01/2023
 ms.topic: conceptual 
 ms.custom:
 ---
@@ -12,7 +12,7 @@ ms.custom:
 
 This article contains several topics explaining how data is protected and secured in an Azure Automation environment.
 
-## TLS 1.2 for Azure Automation
+## TLS 1.2 or higher for Azure Automation
 
 To ensure the security of data in transit to Azure Automation, we strongly encourage you to configure the use of Transport Layer Security (TLS) 1.2. The following are a list of methods or clients that communicate over HTTPS to the Automation service:
 
@@ -26,6 +26,53 @@ Older versions of TLS/Secure Sockets Layer (SSL) have been found to be vulnerabl
 
 For information about TLS 1.2 support with the Log Analytics agent for Windows and Linux, which is a dependency for the Hybrid Runbook Worker role, see [Log Analytics agent overview - TLS 1.2](..//azure-monitor/agents/log-analytics-agent.md#tls-12-protocol).
 
+### Upgrade TLS protocol for Hybrid Workers and Webhook calls
+
+From **30 October 2023**, all agent-based and extension-based User Hybrid Runbook Workers using Transport Layer Security (TLS) 1.0 and 1.1 protocols would no longer be able to connect to Azure Automation and all jobs running or scheduled on these machines would fail. 
+
+Ensure that the Webhook calls that trigger runbooks navigate on TLS 1.2 or higher. Ensure to make registry changes so that Agent and Extension based workers negotiate only on TLS 1.2 and higher protocols. Learn how to [disable TLS 1.0/1.1 protocols on Windows Hybrid Worker and enable TLS 1.2 or above](https://learn.microsoft.com/system-center/scom/plan-security-tls12-config?view=sc-om-2022#configure-windows-operating-system-to-only-use-tls-12-protocol) on Windows machine. 
+
+For Linux Hybrid Workers, run the following Python script to upgrade to the latest TLS protocol.
+
+```python
+import os
+
+# Path to the OpenSSL configuration file as per Linux distro
+openssl_conf_path = "/etc/ssl/openssl.cnf"
+
+# Open the configuration file for reading
+with open(openssl_conf_path, "r") as f:
+    openssl_conf = f.read()
+
+# Check if a default TLS version is already defined
+if "DEFAULT@SECLEVEL" in openssl_conf:
+    # Update the default TLS version to TLS 1.2
+    openssl_conf = openssl_conf.replace("CipherString = DEFAULT@SECLEVEL", "CipherString = DEFAULT@SECLEVEL:TLSv1.2")
+
+    # Open the configuration file for writing and write the updated version
+    with open(openssl_conf_path, "w") as f:
+        f.write(openssl_conf)
+
+    # Restart any services that use OpenSSL to ensure that the new settings are applied
+    os.system("systemctl restart apache2")
+    print("Default TLS version has been updated to TLS 1.2.")
+else:
+    # Add the default TLS version to the configuration file
+    openssl_conf += """
+    Options = PrioritizeChaCha,EnableMiddleboxCompat
+    CipherString = DEFAULT@SECLEVEL:TLSv1.2
+    MinProtocol = TLSv1.2
+    """
+
+    # Open the configuration file for writing and write the updated version
+    with open(openssl_conf_path, "w") as f:
+        f.write(openssl_conf)
+
+    # Restart any services that use OpenSSL to ensure that the new settings are applied
+    os.system("systemctl restart apache2")
+    print("Default TLS version has been added as TLS 1.2.")
+```
+
 ### Platform-specific guidance
 
 |Platform/Language | Support | More Information |

articles/automation/automation-network-configuration.md

@@ -2,7 +2,7 @@
 title: Azure Automation network configuration details
 description: This article provides details of network information required by Azure Automation State Configuration, Azure Automation Hybrid Runbook Worker, Update Management, and Change Tracking and Inventory
 ms.topic: conceptual
-ms.date: 01/26/2021
+ms.date: 08/01/2023
 ---
 
 # Azure Automation network configuration details
@@ -28,9 +28,9 @@ If you have an Automation account that's defined for a specific region, you can
 
 If your nodes are located in a private network, the port and URLs defined above are required. These resources provide network connectivity for the managed node and allow DSC to communicate with Azure Automation.
 
-If you are using DSC resources that communicate between nodes, such as the [WaitFor* resources](/powershell/dsc/reference/resources/windows/waitForAllResource), you also need to allow traffic between nodes. See the documentation for each DSC resource to understand these network requirements.
+If you are using DSC resources that communicate between nodes, such as the [WaitFor resources](/powershell/dsc/reference/resources/windows/waitForAllResource), you also need to allow traffic between nodes. See the documentation for each DSC resource to understand these network requirements.
 
-To understand client requirements for TLS 1.2, see [TLS 1.2 for Azure Automation](automation-managing-data.md#tls-12-for-azure-automation).
+To understand client requirements for TLS 1.2 or higher, see [TLS 1.2 or higher for Azure Automation](automation-managing-data.md#tls-12-or-higher-for-azure-automation).
 
 ## Update Management and Change Tracking and Inventory
 

articles/automation/automation-webhooks.md

@@ -3,7 +3,7 @@ title: Start an Azure Automation runbook from a webhook
 description: This article tells how to use a webhook to start a runbook in Azure Automation from an HTTP call.
 services: automation
 ms.subservice: process-automation
-ms.date: 05/09/2022
+ms.date: 08/01/2023
 ms.topic: conceptual 
 ms.custom: devx-track-azurepowershell, devx-track-arm-template
 ---
@@ -17,7 +17,7 @@ A webhook allows an external service to start a particular runbook in Azure Auto
 
 ![WebhooksOverview](media/automation-webhooks/webhook-overview-image.png)
 
-To understand client requirements for TLS 1.2 with webhooks, see [TLS 1.2 for Azure Automation](automation-managing-data.md#tls-12-for-azure-automation).
+To understand client requirements for TLS 1.2 or higher with webhooks, see [TLS 1.2 or higher for Azure Automation](automation-managing-data.md#tls-12-or-higher-for-azure-automation).
 
 ## Webhook properties
 

articles/automation/change-tracking/overview-monitoring-agent.md

@@ -3,7 +3,7 @@ title: Azure Automation Change Tracking and Inventory overview using Azure Monit
 description: This article describes the Change Tracking and Inventory feature using Azure monitoring agent (Preview), which helps you identify software and Microsoft service changes in your environment.
 services: automation
 ms.subservice: change-inventory-management
-ms.date: 07/17/2023
+ms.date: 08/01/2023
 ms.topic: conceptual
 ---
 
@@ -60,7 +60,7 @@ The following table shows the tracked item limits per machine for change trackin
 
 Change Tracking and Inventory is supported on all operating systems that meet Azure Monitor agent requirements. See [supported operating systems](../../azure-monitor/agents/agents-overview.md#supported-operating-systems) for a list of the Windows and Linux operating system versions that are currently supported by the Azure Monitor agent.
 
-To understand client requirements for TLS 1.2, see [TLS 1.2 for Azure Automation](../automation-managing-data.md#tls-12-for-azure-automation).
+To understand client requirements for TLS 1.2 or higher, see [TLS 1.2 or higher for Azure Automation](../automation-managing-data.md#tls-12-or-higher-for-azure-automation).
 
 
 ## Enable Change Tracking and Inventory

articles/automation/change-tracking/overview.md

@@ -3,8 +3,8 @@ title: Azure Automation Change Tracking and Inventory overview
 description: This article describes the Change Tracking and Inventory feature, which helps you identify software and Microsoft service changes in your environment.
 services: automation
 ms.subservice: change-inventory-management
+ms.date: 08/01/2023
 ms.custom: devx-track-linux
-ms.date: 02/27/2023
 ms.topic: conceptual
 ---
 
@@ -64,7 +64,7 @@ For limits that apply to Change Tracking and Inventory, see [Azure Automation se
 
 Change Tracking and Inventory is supported on all operating systems that meet Log Analytics agent requirements. See [supported operating systems](../../azure-monitor/agents/agents-overview.md#supported-operating-systems) for a list of the Windows and Linux operating system versions that are currently supported by the Log Analytics agent.
 
-To understand client requirements for TLS 1.2, see [TLS 1.2 for Azure Automation](../automation-managing-data.md#tls-12-for-azure-automation).
+To understand client requirements for TLS 1.2 or higher, see [TLS 1.2 or higher for Azure Automation](../automation-managing-data.md#tls-12-or-higher-for-azure-automation).
 
 ### Python requirement
 

articles/automation/update-management/operating-system-requirements.md

@@ -3,7 +3,7 @@ title: Azure Automation Update Management Supported Clients
 description: This article describes the supported Windows and Linux operating systems with Azure Automation Update Management.
 services: automation
 ms.subservice: update-management
-ms.date: 04/17/2023
+ms.date: 08/01/2023
 ms.topic: conceptual
 ---
 
@@ -59,7 +59,7 @@ The following table lists operating systems not supported by Update Management:
 
 ## System requirements
 
-The section describes operating system-specific requirements. For additional guidance, see [Network planning](plan-deployment.md#ports). To understand requirements for TLS 1.2, see [TLS 1.2 for Azure Automation](../automation-managing-data.md#tls-12-for-azure-automation).
+The section describes operating system-specific requirements. For additional guidance, see [Network planning](plan-deployment.md#ports). To understand requirements for TLS 1.2 or higher, see [TLS 1.2 or higher for Azure Automation](../automation-managing-data.md#tls-12-or-higher-for-azure-automation).
 
 # [Windows](#tab/sr-win)
 

articles/automation/whats-new-archive.md

@@ -3,7 +3,7 @@ title: Archive for What's new in Azure Automation
 description: The What's new release notes in the Overview section of this content set contain six months of activity. Thereafter, the items are removed from the main article and put into this article.
 services: automation
 ms.topic: overview
-ms.date: 10/27/2021
+ms.date: 08/01/2023
 ms.custom: references_regions
 ---
 
@@ -316,7 +316,7 @@ Automation support of service tags allows or denies the traffic for the Automati
 
 **Type:** Plan for change
 
-Azure Automation fully supports [TLS 1.2](../automation/automation-managing-data.md#tls-12-for-azure-automation) and all client calls (through webhooks, DSC nodes, and hybrid worker). TLS 1.1 and TLS 1.0 are still supported for backward compatibility with older clients until customers standardize and fully migrate to TLS 1.2.
+Azure Automation fully supports [TLS 1.2 or higher](../automation/automation-managing-data.md#tls-12-or-higher-for-azure-automation) and all client calls (through webhooks, DSC nodes, and hybrid worker). TLS 1.1 and TLS 1.0 are still supported for backward compatibility with older clients until customers standardize and fully migrate to TLS 1.2.
 
 ## January 2020