Hello,
This is what has been answered in a session: "
- The recommendation for "Event Grid" is to use a "private endpoint" on the connection that is configured on the Azure Front Door in order that additional security configurations, protocols and software information that were found as a result of the "Ethical Hacking" type tests can be performed.
- Take as reference the architecture we reviewed and shared in the session; here is the reference: Mission-critical baseline architecture with network controls - Azure Architecture Center | Microsoft Learn
- In case of "Event Hub" the scenario is different since they are running the tests internally and they would have to use an "Azure Application Gateway" for all the traffic that is going to the API.
- On the other hand, TLS testing with versions lower than 1.2 is only call/acknowledge, but they are required to test in those versions not only the call, launch an event and monitor response. If the call or test is performed with a version lower than 1.2, it should not affect the expected behavior of the service. In the case of requiring "Event Hub" to have a different behavior when making a call through a version lower than TLS 1.2, it will be necessary to raise a support ticket to validate if it is possible to change the behavior of the service."
For the Event Hub and Event Grid cases related to header testing and the TLS 1.2 protocol, this is what Microsoft told us in an internal session.
I hope this helps to solve other people's doubts.