last sync: 2025-Mar-26 20:41:27 UTC

[Deprecated]: API apps should have 'Client Certificates (Incoming client certificates)' enabled

Azure BuiltIn Policy definition

Source Azure Portal
Display name [Deprecated]: API apps should have 'Client Certificates (Incoming client certificates)' enabled
Id 0c192fe8-9cbb-4516-85b3-0ade8bd03886
Version 1.0.0-deprecated
Versioning Versions supported for Versioning: 1
1.0.0 (1.0.0-deprecated)
Category App Service
Description Client certificates allow for the app to request a certificate for incoming requests. Only clients that have a valid certificate will be able to reach the app. We recommend all customers who are still using API Apps to implement the built-in policy called 'App Service apps should have 'Client Certificates (Incoming client certificates)' enabled', which is scoped to include API apps in addition to Web Apps.
Cloud environments AzureCloud = true
AzureUSGovernment = unknown
AzureChinaCloud = unknown
Available in AzUSGov Unknown, no evidence if Policy definition is/not available in AzureUSGovernment
Assessment(s) Assessments count: 1
Assessment Id: ce2768c3-a7c7-1bbf-22cd-f9db675a9807
DisplayName: Ensure API app has Client Certificates Incoming client certificates set to On
Description: Client certificates allow for the app to request a certificate for incoming requests. Only clients that have a valid certificate will be able to reach the app.
Remediation description: To set Client Certificates for your API App: 1. Navigate to your App Service 2. Select Configuration 3. Go to the General Settings tab 4. Set Incoming Client Certificates to Require For more information, visit here: https://aka.ms/auth-tls
Categories: AppServices
Severity: Medium
preview: True
Mode Indexed
Type BuiltIn
Preview False
Deprecated True
Effect Default: Audit
Allowed: Audit, Disabled
RBAC role(s) none
Rule aliases IF (1)
Alias Namespace ResourceType Path PathIsDefault DefaultPath Modifiable
Microsoft.Web/sites/clientCertEnabled Microsoft.Web sites properties.clientCertEnabled True False
Rule resource types IF (1)
Microsoft.Web/sites
Compliance Not a Compliance control
Initiatives usage none
History
Date/Time (UTC ymd) Change type Change detail
2022-07-01 16:32:34 change Version remains equal, new suffix: deprecated (1.0.0 > 1.0.0-deprecated)
2019-11-12 19:11:12 add 0c192fe8-9cbb-4516-85b3-0ade8bd03886