Microsoft Web App Azure App Service Compliance with PCI Standards 3.0 and 3.1

Overview
The Azure App Service: Web App is currently in compliance with PCI DSS version 3.0 Level 1. We have also noted customer requests that make reference to PCI DSS version 3.1, and specifically the change from version 3.0 to 3.1 which states that SSL and "early TLS versions" will no longer be considered valid security options from June 30th 2018.
What this means
PCI DSS version 3.1 certification requires disabling TLS 1.0. If you are using App Service Environments or are willing to migrate your workload to App Service Environments, you can get greater control of your environment, including disabling TLS 1.0, by following the instructions in our documentation.
More information
Microsoft regularly reviews standards compliance procedures and will periodically update compliance baselines as standards bodies update and change their requirements. As part of Microsoft's Fiscal 2017 compliance planning, PCI standards will again be reviewed and technical determinations will be made. To view the current certifications, visit the Microsoft Azure Trust Center: Compliance site.
Note: This is a "FAST PUBLISH" article created directly from within the Microsoft support organization. The information contained herein is provided as-is in response to emerging issues. As a result of the speed in making it available, the materials may include typographical errors and may be revised at any time without notice. See Terms of Use for other considerations.
Properties

Article ID: 3124528 - Last Review: 07/12/2016 21:52:00 - Revision: 1.2

Microsoft Azure App Service Web Apps
