Is the package deployed from Octopus to an Azure App Service using the “Deploy an Azure Web App”-step encrypted and transferred through https?
Thank you 
Hi,
Thanks for getting in touch! The short answer is yes - it uses HTTPS. You can verify this in your verbose task log (to enable verbose logging, refer to our documentation) when you perform an Azure Web App deployment. The log message will begin with Retrieved publishing profile. URI:... which will show the actual URL hit.
If you’re interested, you can refer to Calamari (as it’s open-source), and the relevant class is here: https://github.com/OctopusDeploy/Calamari/blob/master/source/Calamari.Azure/Deployment/Conventions/AzureWebAppConvention.cs
Let me know if you have any further questions!
Kind regards,
Kenny
Thank you:)