resources | where type in ( 'microsoft.web/sites/config', 'microsoft.storage/storageaccounts', 'microsoft.sql/servers', 'microsoft.keyvault/vaults', 'microsoft.network/applicationgateways', 'microsoft.cdn/profiles/endpoints', 'microsoft.apimanagement/service', 'microsoft.network/virtualnetworkgateways', 'microsoft.signalrservice/signalr', 'microsoft.cache/redis', 'microsoft.servicebus/namespaces', 'microsoft.containerservice/managedclusters' ) | extend TlsVersion = case( type == 'microsoft.web/sites/config', properties.minTlsVersion, type == 'microsoft.storage/storageaccounts', properties.minimumTlsVersion, type == 'microsoft.sql/servers', properties.minimalTlsVersion, type == 'microsoft.keyvault/vaults', 'Not directly applicable (managed by service)', type == 'microsoft.network/applicationgateways', properties.sslPolicy.minProtocolVersion, type == 'microsoft.cdn/profiles/endpoints', properties.tlsSettings.protocolType, type == 'microsoft.apimanagement/service', tostring(properties.protocols), type == 'microsoft.network/virtualnetworkgateways', tostring(properties.vpnClientConfiguration.vpnClientProtocols), type == 'microsoft.signalrservice/signalr', properties.tls.minimalTlsVersion, type == 'microsoft.cache/redis', properties.sku.family, // Redis may not directly expose TLS version type == 'microsoft.servicebus/namespaces', properties.minimumTlsVersion, type == 'microsoft.containerservice/managedclusters', 'TLS managed by individual deployments', 'Unknown' ) | project ResourceType = type, ResourceName = name, Location = location, TlsVersion