Issue choosing minimal TLS version for Azure SQL server ARM template

John 101 Reputation points
2022-07-22T12:27:13.837+00:00

Hi, I have an issue trying to choose the minimal TLS version for my Azure SQL server. Everytime I try to deploy this template without this parameter it works and when I deploy it with this parameter it fails. I was wondering if anyone knows why and how can still implement this in the template below.

{  
    "$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#",  
    "contentVersion": "1.0.0.0",  
    "parameters": {  
        "serverName": {  
            "defaultValue": "[uniqueString('sql', resourceGroup().id)]",  
            "type": "string",  
            "metadata": {  
                "description": "The name of the SQL logical server."  
            }  
        },  
        "location": {  
            "defaultValue": "[resourceGroup().location]",  
            "type": "string",  
            "metadata": {  
                "description": "Location for all resources."  
            }  
        },  
        "administratorLogin": {  
            "type": "string",  
            "metadata": {  
                "description": "The administrator username of the SQL logical server."  
            }  
        },  
        "administratorLoginPassword": {  
            "type": "securestring",  
            "metadata": {  
                "description": "The administrator password of the SQL logical server."  
            }  
        },  
        "AAD Admin Login": {  
            "type": "string",  
            "defaultValue": "",  
            "metadata": {  
                "description": "Emailaddress of the Azure Active Directory administrator."  
            }  
        },  
        "AAD Admin ObjectID": {  
            "type": "string",  
            "defaultValue": "",  
            "metadata": {  
                "description": "SID (object ID) of the server administrator."  
            }  
        },  
        "AAD TenantId": {  
            "type": "string",  
            "defaultValue": "[subscription().tenantId]",  
            "metadata": {  
                "description": "Tenant ID of the administrator."  
            }  
        },  
        "minimalTlsVersion":{  
            "type": "string",  
            "defaultValue": "1.2",  
            "allowedValues": [  
                "1.0",  
                "1.1",  
                "1.2"  
                    ],  
            "metadata": {  
                "description": "Minimal TLS version. Allowed values: '1.0', '1.1', '1.2'."  
            }      
        },  
        "sqlDBName": {  
            "type": "string",  
            "defaultValue": "",  
            "metadata": {  
                "description": "The name of the SQL Database."  
            }  
        },  
        "tier": {  
            "type": "string",  
            "defaultValue": "GeneralPurpose",  
            "metadata": {  
                "description": "The tier or edition of the particular SKU, e.g. Basic, Premium."  
            }  
            },  
        "skuName": {  
            "type": "string",  
            "defaultValue": "GP_Gen5_2",  
            "metadata": {  
                "description": "The database SKU."  
            }  
        },  
        "catalogCollation":{  
        "type": "string",  
        "defaultValue": "SQL_Latin1_General_CP1_CI_AS",  
        "allowedValues": [  
            "SQL_Latin1_General_CP1_CI_AS",  
            "DATABASE_DEFAULT"  
        ],  
        "metadata": {  
            "description": "Collation of the metadata catalog."  
        }  
        },  
        "licenseType":{  
            "type": "string",  
            "defaultValue": "LicenseIncluded",  
            "allowedValues": [  
                "LicenseIncluded",  
                "BasePrice"  
            ],  
            "metadata": {  
                "description": "The license type to apply for this database. LicenseIncluded if you need a license, or BasePrice if you have a license and are eligible for the Azure Hybrid Benefit."  
            }  
        },  
        "highAvailabilityReplicaCount":{  
            "type": "int",  
            "defaultValue": 0,  
            "metadata": {  
                "description": "The number of secondary replicas associated with the database that are used to provide high availability."  
            }  
        },  
        "requestedBackupStorageRedundancy":{  
            "type": "string",  
            "defaultValue": "Local",  
            "allowedValues": [  
                "Local",  
                "Zone"  
            ],  
            "metadata": {  
                "description": "The storage account type to be used to store backups for this database."  
            }  
        },  
        "zoneRedundant": {  
        "type": "bool",  
        "defaultValue": "false",  
        "metadata": {"description": "Whether or not this database is zone redundant, which means the replicas of this database will be spread across multiple availability zones."  
            }  
        }  
    },  
    "resources": [  
        {  
            "type": "Microsoft.Sql/servers",  
            "apiVersion": "2014-04-01",  
            "name": "[parameters('serverName')]",  
            "location": "[parameters('location')]",  
            "properties": {  
                "administratorLogin": "[parameters('administratorLogin')]",  
                "administratorLoginPassword": "[parameters('administratorLoginPassword')]",  
                "minimalTlsVersion": "[parameters('minimalTlsVersion')]"  
            },  
            "resources": [  
                {  
                    "type": "administrators",  
                    "apiVersion": "2014-04-01",  
                    "name": "activeDirectory",  
                    "location": "[parameters('Location')]",  
                    "dependsOn": [  
                        "[concat('Microsoft.Sql/servers/', parameters('serverName'))]"  
                    ],  
                    "properties": {  
                        "administratorType": "ActiveDirectory",  
                        "login": "[parameters('AAD Admin Login')]",  
                        "sid": "[parameters('AAD Admin ObjectID')]",  
                        "tenantId": "[parameters('AAD TenantID')]"  
                    }  
                }  
            ]  
        },  
        {  
            "type": "Microsoft.Sql/servers/databases",  
            "apiVersion": "2017-03-01-preview",  
            "name": "[format('{0}/{1}', parameters('serverName'), parameters('sqlDBName'))]",  
            "location": "[parameters('location')]",  
            "dependsOn": [  
                "[resourceId('Microsoft.Sql/servers', parameters('serverName'))]"  
            ],  
            "sku": {  
                "name": "Standard",  
                "tier": "Standard"  
            },  
            "properties": {  
                "catalogCollation": "[parameters('catalogCollation')]",  
                "highAvailabilityReplicaCount": "[parameters('highAvailabilityReplicaCount')]",  
                "licenseType": "[parameters('licenseType')]",  
                "requestedBackupStorageRedundancy": "[parameters('requestedBackupStorageRedundancy')]",  
                "zoneRedundant": "[parameters('zoneRedundant')]"  
            }  
        }  
    ]  
}  
Azure Blueprints
Azure Blueprints

An Azure service that provides templates for quick, repeatable creation of fully governed cloud subscriptions.

Azure DevTest Labs
Azure DevTest Labs

An Azure service that is used for provisioning development and test environments.


1 answer

Sort by: Most helpful
  1. Torrey Trahanovsky 0 Reputation points Microsoft Employee
    2026-06-29T20:31:09.7466667+00:00

    This one isn't actually an Azure Blueprints issue (it's an Azure SQL + ARM template question, so

    it may get faster help re-tagged under "Azure SQL Database" / "ARM templates"). For the actual

    problem: set the minimum TLS version via the minimalTlsVersion property on the

    Microsoft.Sql/servers resource (allowed values "1.0", "1.1", "1.2"), and make sure you're using an

    apiVersion that supports it (2019-06-01-preview or later), e.g.:

    "properties": { "minimalTlsVersion": "1.2" }

    If the deploy fails only when this property is present, it's potentially an unsupported

    apiVersion or an invalid value string


    Heads-up: Azure Blueprints (Preview) is being retired on January 31, 2027, with a phased

    retirement beginning July 31, 2026 (no new definitions/versions after Jul 31, 2026; no

    definition edits or new assignments after Oct 31, 2026; no assignment edits after Dec 31, 2026).

    Resources already deployed remain, but blueprint definitions, assignments, and locks (deny

    assignments) are removed at retirement - export anything you want to keep first.

    Recommended path: migrate to Azure Deployment Stacks (resource grouping, lifecycle management,

    and deny-assignment locking) plus Template Specs for versioned storage.

    • Retirement & timeline: https://aka.ms/AzureBlueprintsRetirement

    • Migration guide: https://aka.ms/AzureBlueprintsMigration

    • FAQ: https://aka.ms/AzureBlueprintsRetirementFAQ

    Was this answer helpful?

    0 comments No comments

Your answer

Answers can be marked as 'Accepted' by the question author and 'Recommended' by moderators, which helps users know the answer solved the author's problem.