AzPolicyAdvertizer

last sync: 2021-Aug-04 14:59:26 UTC

Azure Policy definition

App Service Environment should be configured with strongest TLS Cipher suites

Name App Service Environment should be configured with strongest TLS Cipher suites
Azure Portal

Id 817dcf37-e83d-4999-a472-644eada2ea1e

Version 1.0.0
details on versioning

Category App Service
Microsoft docs

Description The two most minimal and strongest cipher suites required for App Service Environment to function correctly are : TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384 and TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256.

Mode Indexed

Type BuiltIn

Preview FALSE

Deprecated FALSE

Effect Default: Audit
Allowed: (Audit, Disabled)

Used RBAC Role none

History

Date/Time (UTC ymd) (i)	Change type	Change detail
2021-06-22 14:29:30	add	817dcf37-e83d-4999-a472-644eada2ea1e

Used in Initiatives none

JSON

{
  "properties": {
    "displayName": "App Service Environment should be configured with strongest TLS Cipher suites",
    "policyType": "BuiltIn",
    "mode": "Indexed",
    "description": "The two most minimal and strongest cipher suites required for App Service Environment to function correctly are : TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384 and TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256.",
    "metadata": {
      "version": "1.0.0",
      "category": "App Service"
    },
    "parameters": {
      "effect": {
        "type": "String",
        "metadata": {
          "displayName": "Effect",
          "description": "Enable or disable the execution of the policy"
        },
        "allowedValues": [
          "Audit",
          "Disabled"
        ],
        "defaultValue": "Audit"
      }
    },
    "policyRule": {
      "if": {
        "allOf": [
          {
            "field": "kind",
            "like": "ASE*"
          },
          {
            "field": "type",
            "equals": "Microsoft.Web/hostingEnvironments"
          },
          {
            "count": {
            "field": "Microsoft.Web/HostingEnvironments/clusterSettings[*]",
              "where": {
                "allOf": [
                  {
                  "field": "Microsoft.Web/HostingEnvironments/clusterSettings[*].name",
                    "contains": "FrontEndSSLCipherSuiteOrder"
                  },
                  {
                  "field": "Microsoft.Web/HostingEnvironments/clusterSettings[*].value",
                    "contains": "TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384"
                  },
                  {
                  "field": "Microsoft.Web/HostingEnvironments/clusterSettings[*].value",
                    "contains": "TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256"
                  },
                  {
                  "value": "[less(length(field('Microsoft.Web/HostingEnvironments/clusterSettings[*].value')), 80)]",
                    "equals": "true"
                  }
                ]
              }
            },
            "less": 1
          }
        ]
      },
      "then": {
      "effect": "[parameters('effect')]"
      }
    }
  },
  "id": "/providers/Microsoft.Authorization/policyDefinitions/817dcf37-e83d-4999-a472-644eada2ea1e",
  "type": "Microsoft.Authorization/policyDefinitions",
  "name": "817dcf37-e83d-4999-a472-644eada2ea1e"
}