Andy, I'm having pretty much the same issue. I opened another thread before seeing yours:

https://social.msdn.microsoft.com/Forums/en-US/e6ab4ecd-c108-4e43-8e00-b0d096b76f96/tls-10-issues-with-service-bus-queue?forum=servbus

As to the suggestion from Richard about updating the client .Net framework, unfortunately that doesn't apply because it's not the client that's still trying to use TLS 1.0, it's the server (the Azure Service Bus Queue). I have run netmon as you can see from my thread and I can see that my client is passing 1.2 and the Service Bus queue is passing back TLS 1.0. (Just FYI however: I am using the 4.6.1 .net framework in my client. But I've tried many, many things including forcing 1.2 from my side.) It was just recently that I was actually able to see from the traffic that Azure only seems to be trying to negotiate over TLS 1.0. (This is especially frustrating, because it suggests not only that 1.0 isn't disabled, which wouldn't be that big of a deal for me, but that 1.1 and 1.2 are not even enabled.)

Note: This looks promising, but I haven't tried it with an "app service environment" (and as you can see from my thread, I inquire about the relevancy) -- well I tried what I thought was the equivalent for the service bus Resource Group, but it didn't work.

https://docs.microsoft.com/en-us/azure/app-service-web/app-service-app-service-environment-custom-settings#disable-tls-10

If I don't hear back from the Azure team, I'll probably try playing around with creating an App Service Environment and adding the Resource Group for my service bus queue to that environment and then applying the TLS 1.0 disable json to that environment to see if it works. As I say, the example above doesn't exactly apply to us.

Thanks,

Ben