In order to maintain PCI compliance, I need to have TLS v1.0 disabled. Is there any way to do that (without paying for tech support)?
As of April 30, 2018, and as written, it is now possible to require a minimum TLS version directly in Azure for an app service.
I'm having the same issue. I was going to use Cloudflare's WAF to disable TLS 1.0. However, Cloudflare won't sign a BAA, so if you need to be HIPAA compliant, you're hosed. Most people have this issue for PCI compliance, so it shouldn't be an issue.
You can copy your app service into an App Service Environment and disable TLS 1.0 via the cluster settings. However, you have to upgrade to the Premium tier and you have to have at least four servers (2 front end, 2 backend), which is even more expensive. Even with 4 P1s, you're looking at almost a $900 bill ($223/server/month).
You could also set up nginx and have it be a reverse proxy with TLS 1.0 disabled. However, now you have to manage a virtual machine. And since VMs are technically subject to being down, you have to have two nginx boxes in an availability set thrown behind a load balancer. Blech.
Long story short, it just is a really shitty situation. I'm in the same boat and I'm really kind of mad about it.
I wouldn't mind doing the App Service Environment if it wasn't so damn expensive.
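The nginx reverse-proxy option mentioned in the answer above, sketched as an added example (not from the original posts). The hostnames `www.example.com` and `myapp.azurewebsites.net` and the certificate paths are placeholders chosen for illustration.

```nginx
server {
    # Keep the protocol list on the default server for this socket (or in the
    # http block) so it applies to every handshake on port 443.
    listen 443 ssl default_server;
    server_name www.example.com;                     # placeholder public hostname

    ssl_certificate     /etc/nginx/tls/example.crt;  # placeholder paths
    ssl_certificate_key /etc/nginx/tls/example.key;

    # Weak: any list that still contains TLSv1 lets clients negotiate TLS 1.0.
    # ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
    # Corrected: list only the versions clients may negotiate.
    # (TLSv1.3 requires nginx 1.13.0+ built against OpenSSL 1.1.1+.)
    ssl_protocols TLSv1.2 TLSv1.3;

    location / {
        # Forward to the app service over TLS (placeholder app name).
        proxy_pass https://myapp.azurewebsites.net;
        # The backend routes on the Host header and SNI, so send its own name.
        proxy_set_header Host myapp.azurewebsites.net;
        proxy_ssl_server_name on;
        # Do not fall back to old protocol versions on the backend leg either.
        proxy_ssl_protocols TLSv1.2;
        proxy_set_header X-Forwarded-For   $proxy_add_x_forwarded_for;
        proxy_set_header X-Forwarded-Proto https;
    }
}

server {
    # Plain HTTP only redirects to the TLS listener.
    listen 80;
    server_name www.example.com;
    return 301 https://$host$request_uri;
}
```

After reloading, `openssl s_client -connect www.example.com:443 -tls1` should fail to complete a handshake while `-tls1_2` succeeds. The proxy only covers traffic that goes through it: the app's own `azurewebsites.net` hostname is still reachable directly unless access to it is restricted to the proxy.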