Ensure that TLS is enforced for Azure Load Balancer

LOW

Description

Enabling end-to-end TLS encryption helps keep data in transit protected. In addition, using the latest version of TLS and modern ciphers helps protect data in transit from man-in-the-middle and similar attacks. To learn more about how Azure Load Balancers are configured for HTTPS using TLS, visit the Azure documentation.
References:
https://learn.microsoft.com/en-us/azure/load-balancer/skus

Remediation

There are several changes required to migrate from a Basic to a Standard load balancer, including a PowerShell script to upgrade the load balancer, portal changes to the external IP address, and VM scale set configuration changes (if used). To follow each of those steps, see the Azure documentation (below). If you wish to create a new load balancer with the Standard SKU, follow these steps in either the Console or with Terraform.

In Azure Console -

  1. Open the Azure Portal and go to Load Balancers.
  2. On the first page, under SKU, choose Standard.
  3. Configure as needed.

In Terraform -

  1. In the azurerm_lb resource, set the sku field to Standard.
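
The following Terraform configuration is an added example illustrating the remediation step above; it is not taken from the policy or from the azurerm provider documentation. Resource names, the resource group and the location are assumptions. It shows the non-compliant default beside the corrected Standard SKU, together with the Standard-SKU public IP that a Standard load balancer requires on its frontend.

```hcl
# Added example (not from the original policy page). Resource names,
# resource group and location are assumed values for illustration.
resource "azurerm_resource_group" "example" {
  name     = "rg-lb-example"
  location = "eastus"
}

# A Standard load balancer cannot use a Basic public IP on its frontend,
# so the public IP must also be Standard. Standard public IPs must be Static.
resource "azurerm_public_ip" "frontend" {
  name                = "pip-lb-frontend"
  resource_group_name = azurerm_resource_group.example.name
  location            = azurerm_resource_group.example.location
  allocation_method   = "Static"
  sku                 = "Standard"
}

# Non-compliant: when "sku" is omitted the provider defaults to "Basic",
# which is what rule AC_AZURE_0154 flags. Kept commented out for contrast.
# resource "azurerm_lb" "noncompliant" {
#   name                = "lb-basic"
#   resource_group_name = azurerm_resource_group.example.name
#   location            = azurerm_resource_group.example.location
# }

# Compliant: the SKU is set explicitly to Standard.
resource "azurerm_lb" "example" {
  name                = "lb-standard"
  resource_group_name = azurerm_resource_group.example.name
  location            = azurerm_resource_group.example.location
  sku                 = "Standard"

  frontend_ip_configuration {
    name                 = "PublicIPAddress"
    public_ip_address_id = azurerm_public_ip.frontend.id
  }
}
```

Running `terraform plan` against an existing Basic load balancer with this change will show a replacement, since the SKU cannot be changed in place; the upgrade guide referenced below covers migrating an existing deployment.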

References:
https://learn.microsoft.com/en-us/azure/load-balancer/upgrade-basic-standard
https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/resources/lb#sku

Policy Details

Rule Reference ID: AC_AZURE_0154
CSP: Azure
Remediation Available: Yes
Domain: Resilience
Resource: azurerm_lb
Resource Category: Virtual Network
Resource Type: Load Balancer

Frameworks