AZURE AppService Audit

Your number of AppServices resources can grow pretty fast - and so could be your painpoints.

What we do?

App Service Authentication Disabled

Azure App Service Authentication prevents anonymous HTTP requests to reach the API app. Also, it ensure to authenticate those that have tokens before they reach the API app. Anonymous requests from browser are redirected to a logon page.

Addresses: Security

Additional Reading:

Client Certificates Disabled

Client certificates allow the app to request a certificate for incoming requests. Only clients with a valid certificate will be able to reach the application. The TLS mutual authentication technique in enterprise environments ensures the authenticity of clients to the server.

Addresses: Security

Additional Reading:

HTTP 2.0 Disabled

Periodically, newer versions are released for HTTP either due to security flaws or to include additional functionality. Using the latest HTTP version for web apps to take advantage of security fixes, if any, and/or new functionalities of the newer version. Newer versions may contain security enhancements and additional functionality. Using the latest version is recommended in order to take advantage of enhancements and new capabilities. With each software installation, organizations need to determine if a given update meets their requirements and also verify the compatibility and support provided for any additional software against the update revision that is selected. HTTP 2.0 has additional performance improvements on the head-of-line blocking problem of old HTTP version, header compression, and prioritization of requests. HTTP 2.0 no longer supports HTTP 1.1's chunked transfer encoding mechanism, as it provides its own, more efficient, mechanisms for data streaming.

Addresses: Performance

Additional Reading:

HTTPS Traffic Only

By default, Azure Web App allows both HTTP and HTTPS. That means the web apps can be accessed over non-secure HTTP too.

Addresses: Security

Additional Reading:

Managed Service Identities Disabled

Managed service identity in App Service makes the app more secure by eliminating secrets from the app, such as credentials in the connection strings. When registering with Azure Active Directory in the app service, the app will connect to other Azure services securely without the need of username and passwords.

Addresses: Security

Additional Reading:

Unsafe TLS Version Supported

The TLS (Transport Layer Security) protocol secures transmission of data over the internet using standard encryption technology. Encryption should be set with the latest version of TLS. App Service allows TLS 1.2 by default, which is the recommended TLS level by industry standards, such as PCI DSS.

Addresses: Security

Additional Reading:

App Service Not Using Latest Programming Language Version

Ensure that all Microsoft Azure App Service web applications are using the latest available version of Programming Languages in order to take advantage of the latest security fixes, performance improvements, and new functionalities and features.

Addresses: Security, Reliability, Performance

Additional Reading: