Microsoft Web App Azure App Service Compliance with PCI Standards 3.0 and 3.1
The Azure App Service: Web App is currently in compliance with PCI DSS version 3.0 Level 1. We have also noted customer requests that make reference to PCI DSS version 3.1, and specifically the change from version 3.0 to 3.1 which states that SSL and "early TLS versions ” will no longer be considered valid security options from June 30th 2018.
PCI DSS version 3.1 certification requires disabling TLS 1.0. If you are using App Service Environments or are willing to migrate your workload to App Service Environments, you can get greater control of your environment including disabling TLS 1.0 by following instructions in our documentation.
What this means
Microsoft regularly reviews standards compliance procedures and will periodically update compliance baselines as standards bodies update and change their requirements. As part of Microsoft's Fiscal 2017 compliance planning, PCI standards will again be re-reviewed and technical determinations will be made. To view the current certifications, technical determinations will be made. To view the current certifications, visit the Microsoft Azure Trust Center: Compliance site.
Article ID: 3124528 - Last Review: 07/12/2016 21:52:00 - Revision: 1.2
Microsoft Azure App Service Web Apps