diff --git a/modules/Microsoft.Sql/managedInstances/deploy.bicep b/modules/Microsoft.Sql/managedInstances/deploy.bicep
index 44ce08f07e..7bf9a767ae 100644
--- a/modules/Microsoft.Sql/managedInstances/deploy.bicep
+++ b/modules/Microsoft.Sql/managedInstances/deploy.bicep
@@ -143,6 +143,15 @@ param encryptionProtectorObj object = {}
 @description('Optional. The administrator configuration.')
 param administratorsObj object = {}
 
+@allowed([
+  'None'
+  '1.0'
+  '1.1'
+  '1.2'
+])
+@description('Optional. Minimal TLS version allowed.')
+param minimalTlsVersion string = '1.2'
+
 @description('Optional. The storage account type used to store backups for this database.')
 @allowed([
   'Geo'
@@ -245,6 +254,7 @@ resource managedInstance 'Microsoft.Sql/managedInstances@2022-02-01-preview' = {
     servicePrincipal: {
       type: servicePrincipal
     }
+    minimalTlsVersion: minimalTlsVersion
   }
 }
 
diff --git a/modules/Microsoft.Sql/managedInstances/readme.md b/modules/Microsoft.Sql/managedInstances/readme.md
index be7d382d93..01b361840a 100644
--- a/modules/Microsoft.Sql/managedInstances/readme.md
+++ b/modules/Microsoft.Sql/managedInstances/readme.md
@@ -81,6 +81,7 @@ SQL MI allows for Azure AD Authentication via an [Azure AD Admin](https://docs.m
 | `location` | string | `[resourceGroup().location]` |  | Location for all resources. |
 | `lock` | string | `''` | `['', CanNotDelete, ReadOnly]` | Specify the type of lock. |
 | `managedInstanceCreateMode` | string | `'Default'` | `[Default, PointInTimeRestore]` | Specifies the mode of database creation. Default: Regular instance creation. Restore: Creates an instance by restoring a set of backups to specific point in time. RestorePointInTime and SourceManagedInstanceId must be specified. |
+| `minimalTlsVersion` | string | `'1.2'` | `[1.0, 1.1, 1.2, None]` | Minimal TLS version allowed. |
 | `proxyOverride` | string | `'Proxy'` | `[Default, Proxy, Redirect]` | Connection type used for connecting to the instance. |
 | `publicDataEndpointEnabled` | bool | `False` |  | Whether or not the public data endpoint is enabled. |
 | `requestedBackupStorageRedundancy` | string | `'Geo'` | `[Geo, GeoZone, Local, Zone]` | The storage account type used to store backups for this database. |