AzPolicyAdvertizer

last sync: 2024-Jul-26 18:17:39 UTC

[Deprecated]: App Service apps should have 'Client Certificates (Incoming client certificates)' enabled

Azure BuiltIn Policy definition

Source

Azure Portal

Display name

[Deprecated]: App Service apps should have 'Client Certificates (Incoming client certificates)' enabled

5bb220d9-2698-4ee4-8404-b9c30c9df609

Version

3.1.0-deprecated
Details on versioning

Category

App Service
Microsoft Learn

Description

Client certificates allow for the app to request a certificate for incoming requests. Only clients that have a valid certificate will be able to reach the app. This policy has been replaced by a new policy with the same name because Http 2.0 doesn't support client certificates.

Mode

Indexed

Type

BuiltIn

Preview

False

Deprecated

True

Effect

Default
Disabled
Allowed
Audit, Disabled

RBAC role(s)

none

Rule aliases

IF (1)

Alias	Namespace	ResourceType	Path	PathIsDefault	DefaultPath	Modifiable
Microsoft.Web/sites/clientCertEnabled	Microsoft.Web	sites	properties.clientCertEnabled	True		False

Rule resource types

IF (1)
Microsoft.Web/sites

Compliance

The following 1 compliance controls are associated with this Policy definition '[Deprecated]: App Service apps should have 'Client Certificates (Incoming client certificates)' enabled' (5bb220d9-2698-4ee4-8404-b9c30c9df609)

Control Domain	Control	Name	MetadataId	Category	Title	Owner	Requirements	Description	Info	Policy#
CIS_Azure_2.0.0	9.4	CIS_Azure_2.0.0_9.4	CIS Microsoft Azure Foundations Benchmark recommendation 9.4	9	Ensure the web app has 'Client Certificates (Incoming client certificates)' set to 'On'	Shared	Utilizing and maintaining client certificates will require additional work to obtain and manage replacement and key rotation.	Client certificates allow for the app to request a certificate for incoming requests. Only clients that have a valid certificate will be able to reach the app. The TLS mutual authentication technique in enterprise environments ensures the authenticity of clients to the server. If incoming client certificates are enabled, then only an authenticated client who has valid certificates can access the app.	link	3

Initiatives usage

Initiative DisplayName	Initiative Id	Initiative Category	State	Type
CIS Microsoft Azure Foundations Benchmark v2.0.0	06f19060-9e68-4070-92ca-f15cc126059e	Regulatory Compliance	GA	BuiltIn

History

Date/Time (UTC ymd) (i)	Change type	Change detail
2023-12-08 20:47:07	change	Minor, new suffix: deprecated (3.0.0 > 3.1.0-deprecated)
2022-09-19 17:41:40	change	Major (2.0.0 > 3.0.0)
2022-07-01 16:32:34	change	Major (1.0.0 > 2.0.0)
2019-11-12 19:11:12	add	5bb220d9-2698-4ee4-8404-b9c30c9df609

JSON compare

compare mode: version left: version right:

JSON

api-version=2021-06-01
EPAC