Source | Azure Portal
Display name | [Deprecated]: App Service apps should have 'Client Certificates (Incoming client certificates)' enabled
Id | 5bb220d9-2698-4ee4-8404-b9c30c9df609
Version | 3.1.0-deprecated
Versioning | Versions supported for Versioning: 1; 3.1.0 (3.1.0-deprecated)
Category | App Service
Description | Client certificates allow for the app to request a certificate for incoming requests. Only clients that have a valid certificate will be able to reach the app. This policy has been replaced by a new policy with the same name because HTTP 2.0 doesn't support client certificates.
Cloud environments | AzureCloud = true; AzureUSGovernment = unknown; AzureChinaCloud = unknown
Available in AzUSGov | Unknown; no evidence whether the Policy definition is available in AzureUSGovernment
Assessment(s) | Assessments count: 1
Assessment Id: ca4e6a5a-3a9a-bad3-798a-d420a1d9bd6d
DisplayName: Web apps should request an SSL certificate for all incoming requests
Description: Web apps should be configured to request an SSL certificate for all incoming requests. This is done using client certificates, which ensure that only clients with a valid certificate can access the app. If this is not implemented, unauthorized clients may be able to access the app, potentially leading to security breaches and data leaks. Therefore, it is crucial to enforce this security measure to protect the app and its data.
Remediation description: To set Client Certificates for your Web App:
1. Navigate to Azure App Service
2. Select Configuration
3. Go to the General Settings tab
4. Set Incoming Client Certificates to Require.
For more information, visit here: https://aka.ms/auth-tls
Categories: AppServices
Severity: Medium
preview: True
Mode | Indexed
Type | BuiltIn
Preview | False
Deprecated | True
Effect | Default: Disabled; Allowed: Audit, Disabled
RBAC role(s) | none
Rule aliases | IF (1)
Rule resource types | IF (1)
Compliance | The following 1 compliance controls are associated with this Policy definition '[Deprecated]: App Service apps should have 'Client Certificates (Incoming client certificates)' enabled' (5bb220d9-2698-4ee4-8404-b9c30c9df609)