@Kim Patrick Delos Reyes Thank you for reaching out.

Please check if you have Minimum TLS version set to 1.2 on the Azure SQL Server.
If yes, there shouldn't be any further action from your end.

You may want to post this issue on the Tenable community for a more appropriate response on the scans.

----------

If an answer is helpful, please " Accept answer " or " Up-Vote " which might help other community members reading this thread.
And if you have further questions or issues, please let us know.

@KalyanChanumolu-MSFT - Yes, I can confirm all our services are at Minimum TLS version set to 1.2 per screenshot.
As the scan results are against URL <sqlservername>.database.windows.net, does it mean our Azure resources at TLS 1.2 does not support the use of these SSL ciphers and can be considered false positives?

We can also see these results on our APIM resources agains <api-name>.azure-api.net

Any links for reference that can support evidence will be helpful

@Kim Patrick Delos Reyes Here is an extract from this article regarding TLS 1.2

All Azure services fully support TLS 1.2 and services where customers are using only TLS 1.2 have made a switch to accept only TLS 1.2 traffic.

However, if you have older versions of non-microsoft clients or drivers using versions less than TLS 1.2, here are some security best practices and guidelines

I am not aware of the tenable scans, so I suggest you post the question on their community to understand the results better

----------

If an answer is helpful, please " Accept answer " or " Up-Vote " which might help other community members reading this thread.
And if you have further questions or issues, please let us know.