Make default ssl settings more secure (https://www.ssllabs.com gives only B-rate).
When we deploy SSL listener with default settings, ssl configuration in not very secure (although acceptable for some services). Popular checker https://www.ssllabs.com gives just B-rate for this. You can check recommendations for example looking at report for our sample AGW deployed with default settings https://www.ssllabs.com/ssltest/analyze.html?d=tb-ag-dev.textback.io
Default setting are for backward compatibility. Please use pre-configured SSL policy with the newer policies like AppGwSslPolicy20170401 or AppGwSslPolicy20170401S.
Raymond de Jong commented
The pre-configured SSL policy's are not completed for Forward Secrecy