From 9689db5661a0c2fe81d66c6971f47c9a729ca0d2 Mon Sep 17 00:00:00 2001
From: Gary Thomas
Date: Fri, 6 Jun 2025 12:04:04 +0100
Subject: [PATCH 1/8] Allow any min TLS version >= 1.2
---
 src/Analyzer.Core/Rules/BuiltInRules.json | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)
diff --git a/src/Analyzer.Core/Rules/BuiltInRules.json b/src/Analyzer.Core/Rules/BuiltInRules.json
index 0af883dd..14910091 100644
--- a/src/Analyzer.Core/Rules/BuiltInRules.json
+++ b/src/Analyzer.Core/Rules/BuiltInRules.json
@@ -536,11 +536,11 @@
 {
 "resourceType": "Microsoft.Web/sites/config",
 "path": "properties.minTlsVersion",
- "equals": "1.2"
+ "greaterOrEquals": "1.2"
 },
 {
 "path": "properties.siteConfig.minTlsVersion",
- "equals": "1.2"
+ "greaterOrEquals": "1.2"
 }
 ]
 }
From 67aee11c0259d383be302095d0a73cdffeb222df Mon Sep 17 00:00:00 2001
From: Gary Thomas
Date: Tue, 10 Jun 2025 15:09:31 +0100
Subject: [PATCH 2/8] Allow any min TLS version >= 1.2 for functionApps
---
 src/Analyzer.Core/Rules/BuiltInRules.json | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)
diff --git a/src/Analyzer.Core/Rules/BuiltInRules.json b/src/Analyzer.Core/Rules/BuiltInRules.json
index 14910091..dffa37c1 100644
--- a/src/Analyzer.Core/Rules/BuiltInRules.json
+++ b/src/Analyzer.Core/Rules/BuiltInRules.json
@@ -332,11 +332,11 @@
 {
 "resourceType": "Microsoft.Web/sites/config",
 "path": "properties.minTlsVersion",
- "equals": "1.2"
+ "greaterOrEquals": "1.2"
 },
 {
 "path": "properties.siteConfig.minTlsVersion",
- "equals": "1.2"
+ "greaterOrEquals": "1.2"
 }
 ]
 }
From 52ecbfce94ff209a38c32cf3bb5fd3e5dc2cb988 Mon Sep 17 00:00:00 2001
From: Gary Thomas
Date: Wed, 11 Jun 2025 14:11:47 +0100
Subject: [PATCH 3/8] Add unit tests for TA-000017
---
 .../AppServicesLatestTLS-Failures.bicep | 43 ++++++++++++++++++
 .../AppServicesLatestTLS-Passes.bicep | 45 +++++++++++++++++++
 .../Tests/TA-000017/TA-000017.json | 35 +++++++++++++++
 3 files changed, 123 insertions(+)
 create mode 100644 src/Analyzer.Core.BuiltInRuleTests/Tests/TA-000017/AppServicesLatestTLS-Failures.bicep
 create mode 100644 src/Analyzer.Core.BuiltInRuleTests/Tests/TA-000017/AppServicesLatestTLS-Passes.bicep
 create mode 100644 src/Analyzer.Core.BuiltInRuleTests/Tests/TA-000017/TA-000017.json
diff --git a/src/Analyzer.Core.BuiltInRuleTests/Tests/TA-000017/AppServicesLatestTLS-Failures.bicep b/src/Analyzer.Core.BuiltInRuleTests/Tests/TA-000017/AppServicesLatestTLS-Failures.bicep
new file mode 100644
index 00000000..88d4d0fc
--- /dev/null
+++ b/src/Analyzer.Core.BuiltInRuleTests/Tests/TA-000017/AppServicesLatestTLS-Failures.bicep
@@ -0,0 +1,43 @@
+resource webAppTls10 'Microsoft.Web/sites@2022-09-01' = {
+ kind: 'app'
+ name: 'webAppTls10'
+ properties: {
+ siteConfig: {
+ minTlsVersion: '1.0'
+ }
+ }
+}
+
+resource webAppNoTls 'Microsoft.Web/sites@2022-09-01' = {
+ kind: 'app'
+ name: 'webAppTls'
+ properties: {
+ siteConfig: {
+ }
+ }
+}
+
+resource webAppSeparateConfigTls10 'Microsoft.Web/sites@2022-09-01' = {
+ kind: 'app'
+ name: 'webAppSeparateConfigTls10'
+}
+
+resource webAppConfigTls10 'Microsoft.Web/sites/config@2022-09-01' = {
+ parent: webAppSeparateConfigTls10
+ name: 'web'
+ properties: {
+ minTlsVersion: '1.0'
+ }
+}
+
+resource webAppSeparateConfigNoTls 'Microsoft.Web/sites@2022-09-01' = {
+ kind: 'app'
+ name: 'webAppSeparateConfigNoTls'
+}
+
+resource webAppConfigNoTls 'Microsoft.Web/sites/config@2022-09-01' = {
+ parent: webAppSeparateConfigNoTls
+ name: 'web'
+ properties: {
+ }
+}
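Review bot: The failing fixture has no `minTlsVersion: '1.1'` case, so the value immediately below the accepted floor is never exercised; every negative case here is either `'1.0'` or a missing property. Because the rule compares version strings, a boundary resource for both the inline `siteConfig` form and the separate `Microsoft.Web/sites/config` form would pin that 1.1 is rejected, with matching entries added to TA-000017.json; appending them at the end of the file keeps the existing `LineNumber` values valid. The same gap is in FunctionAppLatestTLS-Failures.bicep, ApiAppLatestTLS-Failures.bicep and AppServicesLatestTLSNoKind-Failures.bicep later in this series. Separately, `webAppNoTls` declares `name: 'webAppTls'`, which looks like a copy slip for `name: 'webAppNoTls'`.

```bicep
// … unchanged: existing six failure resources …

resource webAppTls11 'Microsoft.Web/sites@2022-09-01' = {
  kind: 'app'
  name: 'webAppTls11'
  properties: {
    siteConfig: {
      minTlsVersion: '1.1'
    }
  }
}

resource webAppSeparateConfigTls11 'Microsoft.Web/sites@2022-09-01' = {
  kind: 'app'
  name: 'webAppSeparateConfigTls11'
}

resource webAppConfigTls11 'Microsoft.Web/sites/config@2022-09-01' = {
  parent: webAppSeparateConfigTls11
  name: 'web'
  properties: {
    minTlsVersion: '1.1'
  }
}
```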
diff --git a/src/Analyzer.Core.BuiltInRuleTests/Tests/TA-000017/AppServicesLatestTLS-Passes.bicep b/src/Analyzer.Core.BuiltInRuleTests/Tests/TA-000017/AppServicesLatestTLS-Passes.bicep
new file mode 100644
index 00000000..84cf4940
--- /dev/null
+++ b/src/Analyzer.Core.BuiltInRuleTests/Tests/TA-000017/AppServicesLatestTLS-Passes.bicep
@@ -0,0 +1,45 @@
+resource webAppTls12 'Microsoft.Web/sites@2022-09-01' = {
+ kind: 'app'
+ name: 'webAppTls12'
+ properties: {
+ siteConfig: {
+ minTlsVersion: '1.2'
+ }
+ }
+}
+
+resource webAppTls13 'Microsoft.Web/sites@2022-09-01' = {
+ kind: 'app'
+ name: 'webAppTls13'
+ properties: {
+ siteConfig: {
+ minTlsVersion: '1.3'
+ }
+ }
+}
+
+resource webAppSeparateConfigTls12 'Microsoft.Web/sites@2022-09-01' = {
+ kind: 'app'
+ name: 'webAppSeparateConfigTls12'
+}
+
+resource webAppConfigTls12 'Microsoft.Web/sites/config@2022-09-01' = {
+ parent: webAppSeparateConfigTls12
+ name: 'web'
+ properties: {
+ minTlsVersion: '1.2'
+ }
+}
+
+resource webAppSeparateConfigTls13 'Microsoft.Web/sites@2022-09-01' = {
+ kind: 'app'
+ name: 'webAppSeparateConfigTls13'
+}
+
+resource webAppConfigTls13 'Microsoft.Web/sites/config@2022-09-01' = {
+ parent: webAppSeparateConfigTls13
+ name: 'web'
+ properties: {
+ minTlsVersion: '1.3'
+ }
+}
diff --git a/src/Analyzer.Core.BuiltInRuleTests/Tests/TA-000017/TA-000017.json b/src/Analyzer.Core.BuiltInRuleTests/Tests/TA-000017/TA-000017.json
new file mode 100644
index 00000000..d605891b
--- /dev/null
+++ b/src/Analyzer.Core.BuiltInRuleTests/Tests/TA-000017/TA-000017.json
@@ -0,0 +1,35 @@
+[
+ {
+ "Template": "AppServicesLatestTLS-Failures.bicep",
+ "ReportedFailures": [
+ {
+ "LineNumber": 6,
+ "Description": "properties.siteConfig.minTlsVersion set to 1.0 in webAppTls10"
+ },
+ {
+ "LineNumber": 15,
+ "Description": "properties.siteConfig.minTlsVersion missing in webAppNoTls"
+ },
+ {
+ "LineNumber": 20,
+ "Description": "properties.siteConfig.minTlsVersion missing in webAppSeparateConfigTls10"
+ },
+ {
+ "LineNumber": 29,
+ "Description": "properties.minTlsVersion set to 1.0 in webAppConfigTls10"
+ },
+ {
+ "LineNumber": 33,
+ "Description": "properties.siteConfig.minTlsVersion missing in webAppSeparateConfigNoTls"
+ },
+ {
+ "LineNumber": 41,
+ "Description": "properties.minTlsVersion missing in webAppConfigNoTls"
+ }
+ ]
+ },
+ {
+ "Template": "AppServicesLatestTLS-Passes.bicep",
+ "ReportedFailures": []
+ }
+]
\ No newline at end of file
From 515b2c7bc6bfb0d1304cd27765c415d45fce1213 Mon Sep 17 00:00:00 2001
From: Gary Thomas
Date: Wed, 11 Jun 2025 15:32:20 +0100
Subject: [PATCH 4/8] Add unit tests for TA-000011
---
 .../FunctionAppLatestTLS-Failures.bicep | 43 ++++++++++++++++++
 .../FunctionAppLatestTLS-Passes.bicep | 45 +++++++++++++++++++
 .../Tests/TA-000011/TA-000011.json | 35 +++++++++++++++
 3 files changed, 123 insertions(+)
 create mode 100644 src/Analyzer.Core.BuiltInRuleTests/Tests/TA-000011/FunctionAppLatestTLS-Failures.bicep
 create mode 100644 src/Analyzer.Core.BuiltInRuleTests/Tests/TA-000011/FunctionAppLatestTLS-Passes.bicep
 create mode 100644 src/Analyzer.Core.BuiltInRuleTests/Tests/TA-000011/TA-000011.json
diff --git a/src/Analyzer.Core.BuiltInRuleTests/Tests/TA-000011/FunctionAppLatestTLS-Failures.bicep b/src/Analyzer.Core.BuiltInRuleTests/Tests/TA-000011/FunctionAppLatestTLS-Failures.bicep
new file mode 100644
index 00000000..49e636d5
--- /dev/null
+++ b/src/Analyzer.Core.BuiltInRuleTests/Tests/TA-000011/FunctionAppLatestTLS-Failures.bicep
@@ -0,0 +1,43 @@
+resource functionAppTls10 'Microsoft.Web/sites@2022-09-01' = {
+ kind: 'functionapp'
+ name: 'functionAppTls10'
+ properties: {
+ siteConfig: {
+ minTlsVersion: '1.0'
+ }
+ }
+}
+
+resource functionAppNoTls 'Microsoft.Web/sites@2022-09-01' = {
+ kind: 'functionapp'
+ name: 'functionAppNoTls'
+ properties: {
+ siteConfig: {
+ }
+ }
+}
+
+resource functionAppSeparateConfigTls10 'Microsoft.Web/sites@2022-09-01' = {
+ kind: 'functionapp'
+ name: 'functionAppSeparateConfigTls10'
+}
+
+resource functionAppConfigTls10 'Microsoft.Web/sites/config@2022-09-01' = {
+ parent: functionAppSeparateConfigTls10
+ name: 'web'
+ properties: {
+ minTlsVersion: '1.0'
+ }
+}
+
+resource functionAppSeparateConfigNoTls 'Microsoft.Web/sites@2022-09-01' = {
+ kind: 'functionapp'
+ name: 'functionAppSeparateConfigNoTls'
+}
+
+resource functionAppConfigNoTls 'Microsoft.Web/sites/config@2022-09-01' = {
+ parent: functionAppSeparateConfigNoTls
+ name: 'web'
+ properties: {
+ }
+}
diff --git a/src/Analyzer.Core.BuiltInRuleTests/Tests/TA-000011/FunctionAppLatestTLS-Passes.bicep b/src/Analyzer.Core.BuiltInRuleTests/Tests/TA-000011/FunctionAppLatestTLS-Passes.bicep
new file mode 100644
index 00000000..d072dd1f
--- /dev/null
+++ b/src/Analyzer.Core.BuiltInRuleTests/Tests/TA-000011/FunctionAppLatestTLS-Passes.bicep
@@ -0,0 +1,45 @@
+resource functionAppTls12 'Microsoft.Web/sites@2022-09-01' = {
+ kind: 'functionapp'
+ name: 'functionAppTls12'
+ properties: {
+ siteConfig: {
+ minTlsVersion: '1.2'
+ }
+ }
+}
+
+resource functionAppTls13 'Microsoft.Web/sites@2022-09-01' = {
+ kind: 'functionapp'
+ name: 'functionAppTls13'
+ properties: {
+ siteConfig: {
+ minTlsVersion: '1.3'
+ }
+ }
+}
+
+resource functionAppSeparateConfigTls12 'Microsoft.Web/sites@2022-09-01' = {
+ kind: 'functionapp'
+ name: 'functionAppSeparateConfigTls12'
+}
+
+resource functionAppConfigTls12 'Microsoft.Web/sites/config@2022-09-01' = {
+ parent: functionAppSeparateConfigTls12
+ name: 'web'
+ properties: {
+ minTlsVersion: '1.2'
+ }
+}
+
+resource functionAppSeparateConfigTls13 'Microsoft.Web/sites@2022-09-01' = {
+ kind: 'functionapp'
+ name: 'functionAppSeparateConfigTls13'
+}
+
+resource functionAppConfigTls13 'Microsoft.Web/sites/config@2022-09-01' = {
+ parent: functionAppSeparateConfigTls13
+ name: 'web'
+ properties: {
+ minTlsVersion: '1.3'
+ }
+}
diff --git a/src/Analyzer.Core.BuiltInRuleTests/Tests/TA-000011/TA-000011.json b/src/Analyzer.Core.BuiltInRuleTests/Tests/TA-000011/TA-000011.json
new file mode 100644
index 00000000..e675ace3
--- /dev/null
+++ b/src/Analyzer.Core.BuiltInRuleTests/Tests/TA-000011/TA-000011.json
@@ -0,0 +1,35 @@
+[
+ {
+ "Template": "FunctionAppLatestTLS-Failures.bicep",
+ "ReportedFailures": [
+ {
+ "LineNumber": 6,
+ "Description": "properties.siteConfig.minTlsVersion set to 1.0 in functionAppTls10"
+ },
+ {
+ "LineNumber": 15,
+ "Description": "properties.siteConfig.minTlsVersion missing in functionAppNoTls"
+ },
+ {
+ "LineNumber": 20,
+ "Description": "properties.siteConfig.minTlsVersion missing in functionAppSeparateConfigTls10"
+ },
+ {
+ "LineNumber": 29,
+ "Description": "properties.minTlsVersion set to 1.0 in functionAppConfigTls10"
+ },
+ {
+ "LineNumber": 33,
+ "Description": "properties.siteConfig.minTlsVersion missing in functionAppSeparateConfigNoTls"
+ },
+ {
+ "LineNumber": 41,
+ "Description": "properties.minTlsVersion missing in functionAppConfigNoTls"
+ }
+ ]
+ },
+ {
+ "Template": "FunctionAppLatestTLS-Passes.bicep",
+ "ReportedFailures": []
+ }
+]
\ No newline at end of file
From f43de325afdc66490907042868316901c5923c7c Mon Sep 17 00:00:00 2001
From: Gary Thomas
Date: Wed, 11 Jun 2025 15:33:40 +0100
Subject: [PATCH 5/8] Update TA-000011 and TA000017 to use in rather than greaterThan
---
 src/Analyzer.Core/Rules/BuiltInRules.json | 8 ++++----
 1 file changed, 4 insertions(+), 4 deletions(-)
diff --git a/src/Analyzer.Core/Rules/BuiltInRules.json b/src/Analyzer.Core/Rules/BuiltInRules.json
index dffa37c1..90fe4085 100644
--- a/src/Analyzer.Core/Rules/BuiltInRules.json
+++ b/src/Analyzer.Core/Rules/BuiltInRules.json
@@ -332,11 +332,11 @@
 {
 "resourceType": "Microsoft.Web/sites/config",
 "path": "properties.minTlsVersion",
- "greaterOrEquals": "1.2"
+ "in": ["1.2", "1.3"]
 },
 {
 "path": "properties.siteConfig.minTlsVersion",
- "greaterOrEquals": "1.2"
+ "in": ["1.2", "1.3"]
 }
 ]
 }
@@ -536,11 +536,11 @@
 {
 "resourceType": "Microsoft.Web/sites/config",
 "path": "properties.minTlsVersion",
- "greaterOrEquals": "1.2"
+ "in": ["1.2", "1.3"]
 },
 {
 "path": "properties.siteConfig.minTlsVersion",
- "greaterOrEquals": "1.2"
+ "in": ["1.2", "1.3"]
 }
 ]
 }
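Review bot: The accepted values are now the exact strings `"1.2"` and `"1.3"`, written out in both conditions of both hunks (@@ -332 and @@ -536) and again in the @@ -160 hunk of patch 6, so a later minimum-TLS value has to be added in six places before templates that use it stop being reported. Failing closed on an unrecognised value is the safer direction for this check, but that intent is not recorded anywhere in the visible lines, and JSON leaves no room for a comment. The rule's description and recommendation text sit outside these hunks and may still name only 1.2; they should state that 1.2 and 1.3 are the accepted minimums, so a finding tells the template author what to set. The enclosing rule objects start and end outside the hunks, so this needs checking against the full BuiltInRules.json.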
From 3f9545b086478dba200bc7ff45f49b23608c1e32 Mon Sep 17 00:00:00 2001
From: Gary Thomas
Date: Wed, 11 Jun 2025 15:54:59 +0100
Subject: [PATCH 6/8] Allow TLS 1.2 & 1.3 in TA-000005
---
 .../TA-000005/ApiAppLatestTLS-Failures.bicep | 43 ++++++++++++++++++
 .../TA-000005/ApiAppLatestTLS-Passes.bicep | 45 +++++++++++++++++++
 .../Tests/TA-000005/TA-000005.json | 35 +++++++++++++++
 src/Analyzer.Core/Rules/BuiltInRules.json | 4 +-
 4 files changed, 125 insertions(+), 2 deletions(-)
 create mode 100644 src/Analyzer.Core.BuiltInRuleTests/Tests/TA-000005/ApiAppLatestTLS-Failures.bicep
 create mode 100644 src/Analyzer.Core.BuiltInRuleTests/Tests/TA-000005/ApiAppLatestTLS-Passes.bicep
 create mode 100644 src/Analyzer.Core.BuiltInRuleTests/Tests/TA-000005/TA-000005.json
diff --git a/src/Analyzer.Core.BuiltInRuleTests/Tests/TA-000005/ApiAppLatestTLS-Failures.bicep b/src/Analyzer.Core.BuiltInRuleTests/Tests/TA-000005/ApiAppLatestTLS-Failures.bicep
new file mode 100644
index 00000000..c5cbcb0c
--- /dev/null
+++ b/src/Analyzer.Core.BuiltInRuleTests/Tests/TA-000005/ApiAppLatestTLS-Failures.bicep
@@ -0,0 +1,43 @@
+resource apiAppTls10 'Microsoft.Web/sites@2022-09-01' = {
+ kind: 'api'
+ name: 'apiAppTls10'
+ properties: {
+ siteConfig: {
+ minTlsVersion: '1.0'
+ }
+ }
+}
+
+resource apiAppNoTls 'Microsoft.Web/sites@2022-09-01' = {
+ kind: 'api'
+ name: 'apiAppNoTls'
+ properties: {
+ siteConfig: {
+ }
+ }
+}
+
+resource apiAppSeparateConfigTls10 'Microsoft.Web/sites@2022-09-01' = {
+ kind: 'api'
+ name: 'apiAppSeparateConfigTls10'
+}
+
+resource apiAppConfigTls10 'Microsoft.Web/sites/config@2022-09-01' = {
+ parent: apiAppSeparateConfigTls10
+ name: 'web'
+ properties: {
+ minTlsVersion: '1.0'
+ }
+}
+
+resource apiAppSeparateConfigNoTls 'Microsoft.Web/sites@2022-09-01' = {
+ kind: 'api'
+ name: 'apiAppSeparateConfigNoTls'
+}
+
+resource apiAppConfigNoTls 'Microsoft.Web/sites/config@2022-09-01' = {
+ parent: apiAppSeparateConfigNoTls
+ name: 'web'
+ properties: {
+ }
+}
diff --git a/src/Analyzer.Core.BuiltInRuleTests/Tests/TA-000005/ApiAppLatestTLS-Passes.bicep b/src/Analyzer.Core.BuiltInRuleTests/Tests/TA-000005/ApiAppLatestTLS-Passes.bicep
new file mode 100644
index 00000000..88d6ba08
--- /dev/null
+++ b/src/Analyzer.Core.BuiltInRuleTests/Tests/TA-000005/ApiAppLatestTLS-Passes.bicep
@@ -0,0 +1,45 @@
+resource apiAppTls12 'Microsoft.Web/sites@2022-09-01' = {
+ kind: 'api'
+ name: 'apiAppTls12'
+ properties: {
+ siteConfig: {
+ minTlsVersion: '1.2'
+ }
+ }
+}
+
+resource apiAppTls13 'Microsoft.Web/sites@2022-09-01' = {
+ kind: 'api'
+ name: 'apiAppTls13'
+ properties: {
+ siteConfig: {
+ minTlsVersion: '1.3'
+ }
+ }
+}
+
+resource apiAppSeparateConfigTls12 'Microsoft.Web/sites@2022-09-01' = {
+ kind: 'api'
+ name: 'apiAppSeparateConfigTls12'
+}
+
+resource apiAppConfigTls12 'Microsoft.Web/sites/config@2022-09-01' = {
+ parent: apiAppSeparateConfigTls12
+ name: 'web'
+ properties: {
+ minTlsVersion: '1.2'
+ }
+}
+
+resource apiAppSeparateConfigTls13 'Microsoft.Web/sites@2022-09-01' = {
+ kind: 'api'
+ name: 'apiAppSeparateConfigTls13'
+}
+
+resource apiAppConfigTls13 'Microsoft.Web/sites/config@2022-09-01' = {
+ parent: apiAppSeparateConfigTls13
+ name: 'web'
+ properties: {
+ minTlsVersion: '1.3'
+ }
+}
diff --git a/src/Analyzer.Core.BuiltInRuleTests/Tests/TA-000005/TA-000005.json b/src/Analyzer.Core.BuiltInRuleTests/Tests/TA-000005/TA-000005.json
new file mode 100644
index 00000000..69992715
--- /dev/null
+++ b/src/Analyzer.Core.BuiltInRuleTests/Tests/TA-000005/TA-000005.json
@@ -0,0 +1,35 @@
+[
+ {
+ "Template": "ApiAppLatestTLS-Failures.bicep",
+ "ReportedFailures": [
+ {
+ "LineNumber": 6,
+ "Description": "properties.siteConfig.minTlsVersion set to 1.0 in apiAppTls10"
+ },
+ {
+ "LineNumber": 15,
+ "Description": "properties.siteConfig.minTlsVersion missing in apiAppNoTls"
+ },
+ {
+ "LineNumber": 20,
+ "Description": "properties.siteConfig.minTlsVersion missing in apiAppSeparateConfigTls10"
+ },
+ {
+ "LineNumber": 29,
+ "Description": "properties.minTlsVersion set to 1.0 in apiAppConfigTls10"
+ },
+ {
+ "LineNumber": 33,
+ "Description": "properties.siteConfig.minTlsVersion missing in apiAppSeparateConfigNoTls"
+ },
+ {
+ "LineNumber": 41,
+ "Description": "properties.minTlsVersion missing in apiAppConfigNoTls"
+ }
+ ]
+ },
+ {
+ "Template": "ApiAppLatestTLS-Passes.bicep",
+ "ReportedFailures": []
+ }
+]
\ No newline at end of file
diff --git a/src/Analyzer.Core/Rules/BuiltInRules.json b/src/Analyzer.Core/Rules/BuiltInRules.json
index 90fe4085..4ac1b61b 100644
--- a/src/Analyzer.Core/Rules/BuiltInRules.json
+++ b/src/Analyzer.Core/Rules/BuiltInRules.json
@@ -160,11 +160,11 @@
 {
 "resourceType": "Microsoft.Web/sites/config",
 "path": "properties.minTlsVersion",
- "equals": "1.2"
+ "in": ["1.2", "1.3"]
 },
 {
 "path": "properties.siteConfig.minTlsVersion",
- "equals": "1.2"
+ "in": ["1.2", "1.3"]
 }
 ]
 }
From 31adbf277ce888b74ba449cb98820b357564b591 Mon Sep 17 00:00:00 2001
From: Gary Thomas
Date: Fri, 13 Jun 2025 14:29:28 +0100
Subject: [PATCH 7/8] Add tests for TA-000017 for sites with no kind attribute
---
 .../AppServicesLatestTLSNoKind-Failures.bicep | 43 +++++++++++++++++++
 .../AppServicesLatestTLSNoKind-Passes.bicep | 41 ++++++++++++++++++
 .../Tests/TA-000017/TA-000017.json | 33 ++++++++++++++
 3 files changed, 117 insertions(+)
 create mode 100644 src/Analyzer.Core.BuiltInRuleTests/Tests/TA-000017/AppServicesLatestTLSNoKind-Failures.bicep
 create mode 100644 src/Analyzer.Core.BuiltInRuleTests/Tests/TA-000017/AppServicesLatestTLSNoKind-Passes.bicep
diff --git a/src/Analyzer.Core.BuiltInRuleTests/Tests/TA-000017/AppServicesLatestTLSNoKind-Failures.bicep b/src/Analyzer.Core.BuiltInRuleTests/Tests/TA-000017/AppServicesLatestTLSNoKind-Failures.bicep
new file mode 100644
index 00000000..88d4d0fc
--- /dev/null
+++ b/src/Analyzer.Core.BuiltInRuleTests/Tests/TA-000017/AppServicesLatestTLSNoKind-Failures.bicep
@@ -0,0 +1,43 @@
+resource webAppTls10 'Microsoft.Web/sites@2022-09-01' = {
+ kind: 'app'
+ name: 'webAppTls10'
+ properties: {
+ siteConfig: {
+ minTlsVersion: '1.0'
+ }
+ }
+}
+
+resource webAppNoTls 'Microsoft.Web/sites@2022-09-01' = {
+ kind: 'app'
+ name: 'webAppTls'
+ properties: {
+ siteConfig: {
+ }
+ }
+}
+
+resource webAppSeparateConfigTls10 'Microsoft.Web/sites@2022-09-01' = {
+ kind: 'app'
+ name: 'webAppSeparateConfigTls10'
+}
+
+resource webAppConfigTls10 'Microsoft.Web/sites/config@2022-09-01' = {
+ parent: webAppSeparateConfigTls10
+ name: 'web'
+ properties: {
+ minTlsVersion: '1.0'
+ }
+}
+
+resource webAppSeparateConfigNoTls 'Microsoft.Web/sites@2022-09-01' = {
+ kind: 'app'
+ name: 'webAppSeparateConfigNoTls'
+}
+
+resource webAppConfigNoTls 'Microsoft.Web/sites/config@2022-09-01' = {
+ parent: webAppSeparateConfigNoTls
+ name: 'web'
+ properties: {
+ }
+}
diff --git a/src/Analyzer.Core.BuiltInRuleTests/Tests/TA-000017/AppServicesLatestTLSNoKind-Passes.bicep b/src/Analyzer.Core.BuiltInRuleTests/Tests/TA-000017/AppServicesLatestTLSNoKind-Passes.bicep
new file mode 100644
index 00000000..43b01235
--- /dev/null
+++ b/src/Analyzer.Core.BuiltInRuleTests/Tests/TA-000017/AppServicesLatestTLSNoKind-Passes.bicep
@@ -0,0 +1,41 @@
+resource webAppTls12 'Microsoft.Web/sites@2022-09-01' = {
+ name: 'webAppTls12'
+ properties: {
+ siteConfig: {
+ minTlsVersion: '1.2'
+ }
+ }
+}
+
+resource webAppTls13 'Microsoft.Web/sites@2022-09-01' = {
+ name: 'webAppTls13'
+ properties: {
+ siteConfig: {
+ minTlsVersion: '1.3'
+ }
+ }
+}
+
+resource webAppSeparateConfigTls12 'Microsoft.Web/sites@2022-09-01' = {
+ name: 'webAppSeparateConfigTls12'
+}
+
+resource webAppConfigTls12 'Microsoft.Web/sites/config@2022-09-01' = {
+ parent: webAppSeparateConfigTls12
+ name: 'web'
+ properties: {
+ minTlsVersion: '1.2'
+ }
+}
+
+resource webAppSeparateConfigTls13 'Microsoft.Web/sites@2022-09-01' = {
+ name: 'webAppSeparateConfigTls13'
+}
+
+resource webAppConfigTls13 'Microsoft.Web/sites/config@2022-09-01' = {
+ parent: webAppSeparateConfigTls13
+ name: 'web'
+ properties: {
+ minTlsVersion: '1.3'
+ }
+}
diff --git a/src/Analyzer.Core.BuiltInRuleTests/Tests/TA-000017/TA-000017.json b/src/Analyzer.Core.BuiltInRuleTests/Tests/TA-000017/TA-000017.json
index d605891b..6607007e 100644
--- a/src/Analyzer.Core.BuiltInRuleTests/Tests/TA-000017/TA-000017.json
+++ b/src/Analyzer.Core.BuiltInRuleTests/Tests/TA-000017/TA-000017.json
@@ -28,8 +28,41 @@
 }
 ]
 },
+ {
+ "Template": "AppServicesLatestTLSNoKind-Failures.bicep",
+ "ReportedFailures": [
+ {
+ "LineNumber": 6,
+ "Description": "properties.siteConfig.minTlsVersion set to 1.0 in webAppTls10"
+ },
+ {
+ "LineNumber": 15,
+ "Description": "properties.siteConfig.minTlsVersion missing in webAppNoTls"
+ },
+ {
+ "LineNumber": 20,
+ "Description": "properties.siteConfig.minTlsVersion missing in webAppSeparateConfigTls10"
+ },
+ {
+ "LineNumber": 29,
+ "Description": "properties.minTlsVersion set to 1.0 in webAppConfigTls10"
+ },
+ {
+ "LineNumber": 33,
+ "Description": "properties.siteConfig.minTlsVersion missing in webAppSeparateConfigNoTls"
+ },
+ {
+ "LineNumber": 41,
+ "Description": "properties.minTlsVersion missing in webAppConfigNoTls"
+ }
+ ]
+ },
 {
 "Template": "AppServicesLatestTLS-Passes.bicep",
 "ReportedFailures": []
+ },
+ {
+ "Template": "AppServicesLatestTLSNoKind-Passes.bicep",
+ "ReportedFailures": []
 }
 ]
\ No newline at end of file
From 90c8f998d004da5f6665f42f7e0e7787b6615722 Mon Sep 17 00:00:00 2001
From: Gary Thomas
Date: Mon, 16 Jun 2025 15:00:54 +0100
Subject: [PATCH 8/8] Remove kind:app from AppServicesLatestTLSNoKind-Failures.bicep
---
 .../AppServicesLatestTLSNoKind-Failures.bicep | 4 ----
 .../Tests/TA-000017/TA-000017.json | 12 ++++++------
 2 files changed, 6 insertions(+), 10 deletions(-)
diff --git a/src/Analyzer.Core.BuiltInRuleTests/Tests/TA-000017/AppServicesLatestTLSNoKind-Failures.bicep b/src/Analyzer.Core.BuiltInRuleTests/Tests/TA-000017/AppServicesLatestTLSNoKind-Failures.bicep
index 88d4d0fc..54a494d6 100644
--- a/src/Analyzer.Core.BuiltInRuleTests/Tests/TA-000017/AppServicesLatestTLSNoKind-Failures.bicep
+++ b/src/Analyzer.Core.BuiltInRuleTests/Tests/TA-000017/AppServicesLatestTLSNoKind-Failures.bicep
@@ -1,5 +1,4 @@
 resource webAppTls10 'Microsoft.Web/sites@2022-09-01' = {
- kind: 'app'
 name: 'webAppTls10'
 properties: {
 siteConfig: {
@@ -9,7 +8,6 @@ resource webAppTls10 'Microsoft.Web/sites@2022-09-01' = {
 }
 
 resource webAppNoTls 'Microsoft.Web/sites@2022-09-01' = {
- kind: 'app'
 name: 'webAppTls'
 properties: {
 siteConfig: {
@@ -18,7 +16,6 @@ resource webAppNoTls 'Microsoft.Web/sites@2022-09-01' = {
 }
 
 resource webAppSeparateConfigTls10 'Microsoft.Web/sites@2022-09-01' = {
- kind: 'app'
 name: 'webAppSeparateConfigTls10'
 }
 
@@ -31,7 +28,6 @@ resource webAppConfigTls10 'Microsoft.Web/sites/config@2022-09-01' = {
 }
 
 resource webAppSeparateConfigNoTls 'Microsoft.Web/sites@2022-09-01' = {
- kind: 'app'
 name: 'webAppSeparateConfigNoTls'
 }
 
diff --git a/src/Analyzer.Core.BuiltInRuleTests/Tests/TA-000017/TA-000017.json b/src/Analyzer.Core.BuiltInRuleTests/Tests/TA-000017/TA-000017.json
index 6607007e..02a2cb70 100644
--- a/src/Analyzer.Core.BuiltInRuleTests/Tests/TA-000017/TA-000017.json
+++ b/src/Analyzer.Core.BuiltInRuleTests/Tests/TA-000017/TA-000017.json
@@ -32,27 +32,27 @@
 "Template": "AppServicesLatestTLSNoKind-Failures.bicep",
 "ReportedFailures": [
 {
- "LineNumber": 6,
+ "LineNumber": 5,
 "Description": "properties.siteConfig.minTlsVersion set to 1.0 in webAppTls10"
 },
 {
- "LineNumber": 15,
+ "LineNumber": 13,
 "Description": "properties.siteConfig.minTlsVersion missing in webAppNoTls"
 },
 {
- "LineNumber": 20,
+ "LineNumber": 18,
 "Description": "properties.siteConfig.minTlsVersion missing in webAppSeparateConfigTls10"
 },
 {
- "LineNumber": 29,
+ "LineNumber": 26,
 "Description": "properties.minTlsVersion set to 1.0 in webAppConfigTls10"
 },
 {
- "LineNumber": 33,
+ "LineNumber": 30,
 "Description": "properties.siteConfig.minTlsVersion missing in webAppSeparateConfigNoTls"
 },
 {
- "LineNumber": 37,
+ "LineNumber": 41,
+ "LineNumber": 37,
 "Description": "properties.minTlsVersion missing in webAppConfigNoTls"
 }
 ]