From 26bea7e88f427d409712870a357c664e3119b51c Mon Sep 17 00:00:00 2001
From: Takeshi Katano
Date: Thu, 26 Sep 2024 21:58:04 +0900
Subject: [PATCH] Add recommendation for SB minimum TLS version
---
 .../f075a1bd-de9e-4819-9a1d-1ac41037a74f.kql | 8 ++++++++
 .../namespaces/recommendations.yaml | 20 +++++++++++++++++++
 2 files changed, 28 insertions(+)
 create mode 100644 azure-resources/ServiceBus/namespaces/kql/f075a1bd-de9e-4819-9a1d-1ac41037a74f.kql
diff --git a/azure-resources/ServiceBus/namespaces/kql/f075a1bd-de9e-4819-9a1d-1ac41037a74f.kql b/azure-resources/ServiceBus/namespaces/kql/f075a1bd-de9e-4819-9a1d-1ac41037a74f.kql
new file mode 100644
index 00000000..3398411e
--- /dev/null
+++ b/azure-resources/ServiceBus/namespaces/kql/f075a1bd-de9e-4819-9a1d-1ac41037a74f.kql
@@ -0,0 +1,8 @@
+resources
+| where type =~ "Microsoft.ServiceBus/namespaces" and properties.minimumTlsVersion in ("1.0", "1.1")
+| project
+ recommendationId = "f075a1bd-de9e-4819-9a1d-1ac41037a74f",
+ name,
+ id,
+ tags,
+ param1 = strcat("minimumTlsVersion: ", properties.minimumTlsVersion)
diff --git a/azure-resources/ServiceBus/namespaces/recommendations.yaml b/azure-resources/ServiceBus/namespaces/recommendations.yaml
index 31f38e06..13e886ad 100644
--- a/azure-resources/ServiceBus/namespaces/recommendations.yaml
+++ b/azure-resources/ServiceBus/namespaces/recommendations.yaml
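Review bot: The `where` line of the new query compares the dynamic `properties.minimumTlsVersion` directly against string literals, and `in` only matches the two listed values, so a namespace that returns no value for the property is skipped rather than reported. Casting makes the comparison explicit: `| where type =~ "Microsoft.ServiceBus/namespaces" and tostring(properties.minimumTlsVersion) in ("1.0", "1.1")`. Whether older namespaces can actually return an empty value is not visible from this patch, so it is worth checking against a namespace created before the setting existed and deciding whether an empty result should be flagged as well. The file also has no header comment; a first line such as `// Finds Service Bus namespaces whose minimum TLS version is below 1.2` would tell a reader what the query detects.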
@@ -37,3 +37,23 @@
 learnMoreLink:
 - name: Service Bus auto-scaling
 url: "https://learn.microsoft.com/azure/service-bus-messaging/automate-update-messaging-units"
+
+- description: Configure the minimum TLS version for Service Bus namespaces to TLS v1.2 or higher
+ aprlGuid: f075a1bd-de9e-4819-9a1d-1ac41037a74f
+ recommendationTypeId: null
+ recommendationControl: Service Upgrade and Retirement
+ recommendationImpact: High
+ recommendationResourceType: Microsoft.ServiceBus/namespaces
+ recommendationMetadataState: Active
+ longDescription: |
+ As of 31 October 2024, TLS 1.0 and TLS 1.1 will no longer be supported on Azure including Service Bus to enhance security and provide best-in-class encryption for your data. Change the minimum TLS version for your Service Bus namespace to TLS v1.2 or higher.
+ potentialBenefits: Avoids service disruption
+ pgVerified: false
+ publishedToLearn: false
+ automationAvailable: true
+ tags: null
+ learnMoreLink:
+ - name: Azure support for TLS 1.0 and TLS 1.1 will end by 31 October 2024
+ url: "https://azure.microsoft.com/updates/azure-support-tls-will-end-by-31-october-2024-2/"
+ - name: Configure the minimum TLS version for a Service Bus namespace
+ url: "https://learn.microsoft.com/azure/service-bus-messaging/transport-layer-security-configure-minimum-version"
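Review bot: The `longDescription` tells operators to raise the minimum TLS version but does not say that clients still negotiating TLS 1.0 or 1.1 will be refused once the setting changes, which is the most likely cause of the disruption this entry is meant to prevent. Adding a sentence such as `Before changing the setting, confirm that all client applications connect using TLS 1.2 or later.` would cover it. `potentialBenefits` names only service continuity; since the description itself cites stronger encryption, something like `Avoids service disruption and removes deprecated TLS versions` would match it better.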