Configure TLS policy on a Front Door custom domain

Applies to: ✔️ Front Door Standard ✔️ Front Door Premium

Azure Front Door Standard and Premium offer two mechanisms for controlling TLS policy. You can use either a predefined policy or a custom policy, depending on your needs.

  • Azure Front Door offers several predefined TLS policies. You can configure your Azure Front Door with any of these policies to get the appropriate level of security. These predefined policies are configured with the best practices and recommendations from the Microsoft Security team in mind. We recommend that you use the newest TLS policies to ensure the best TLS security.

  • If a TLS policy needs to be configured for your own business and security requirements, you can use a custom TLS policy. With a custom TLS policy, you have complete control over the minimum TLS protocol version to support and the supported cipher suites.

In this article, you learn how to configure TLS policy on a Front Door custom domain.

Prerequisites

  • A Front Door.
  • A custom domain. If you don't have a custom domain, you must first purchase one from a domain provider.
  • If you're using Azure to host your DNS domains, you must delegate the domain provider's domain name system (DNS) to Azure DNS. For more information, see Delegate a domain to Azure DNS. Otherwise.

Configure TLS policy

  1. Go to the Azure Front Door profile that you want to configure the TLS policy for.

  2. Under Settings, select Domains. Then select + Add to add a new domain.

  3. On the Add a domain page, follow the instructions in Configure a custom domain on Azure Front Door and Configure HTTPS on an Azure Front Door custom domain to configure the domain.

  4. For TLS policy, select the predefined policy from the dropdown list.

    Screenshot that shows the TLS policy option in Add a domain page.

    Note

    You can reuse the custom TLS policy setting from other domains in the portal by selecting the domain in Reuse setting from other domain.

  5. Select Add to add the domain.
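
After the domain is added, you can confirm from a client that the endpoint enforces the minimum TLS protocol version of the policy you selected. The following script is an added example, not part of the original article or of any Microsoft tooling; the function names probe_tls and audit_minimum are hypothetical, and TLS 1.2 as the minimum is an assumed value that you replace with the minimum of your own policy.

```python
import socket
import ssl
import sys

VERSIONS = [ssl.TLSVersion.TLSv1, ssl.TLSVersion.TLSv1_1,
            ssl.TLSVersion.TLSv1_2, ssl.TLSVersion.TLSv1_3]


def probe_tls(host, version, port=443, timeout=5.0):
    """Offer exactly one protocol version to host.

    True: handshake completed. False: endpoint refused the version.
    None: the local OpenSSL build cannot offer this version at all.
    """
    ctx = ssl.SSLContext(ssl.PROTOCOL_TLS_CLIENT)
    # Only protocol acceptance is measured, so certificate checks are off.
    ctx.check_hostname = False
    ctx.verify_mode = ssl.CERT_NONE
    try:
        # Legacy versions are blocked at OpenSSL's default security level.
        ctx.set_ciphers("DEFAULT:@SECLEVEL=0")
        ctx.minimum_version = version
        ctx.maximum_version = version
    except (ssl.SSLError, ValueError):
        return None
    try:
        with socket.create_connection((host, port), timeout=timeout) as raw:
            with ctx.wrap_socket(raw, server_hostname=host):
                return True
    except (ssl.SSLError, ConnectionResetError):
        return False  # DNS failures and timeouts propagate to the caller


def audit_minimum(host, minimum, probe=probe_tls):
    """Compare what the endpoint accepts with the policy's minimum version."""
    results = {v: probe(host, v) for v in VERSIONS}
    findings = []
    for v, accepted in results.items():
        if v < minimum and accepted:
            findings.append(f"{v.name} accepted below the minimum {minimum.name}")
        elif v < minimum and accepted is None:
            findings.append(f"{v.name} not testable from this client")
        elif v == minimum and accepted is False:
            findings.append(f"{minimum.name} refused by the endpoint")
    return results, findings


if __name__ == "__main__" and len(sys.argv) > 1:
    # Pass your own custom domain; TLS 1.2 is the assumed policy minimum.
    print(audit_minimum(sys.argv[1], ssl.TLSVersion.TLSv1_2)[1])
```

An empty findings list means every version below the minimum was refused and the minimum itself was accepted. A "not testable" entry means the check for that version has to be repeated from a client whose TLS library can still offer it.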