The following 1 compliance control is associated with this Policy definition 'API Management calls to API backends should not bypass certificate thumbprint or name validation' (92bb331d-ac71-416a-8c91-02f2cb734ce4)
Authenticate remote servers and services from your client side to ensure you are connecting to trusted servers and services. The most common server authentication protocol is Transport Layer Security (TLS), where the client side (often a browser or client device) authenticates the server by verifying that the server’s certificate was issued by a trusted certificate authority.
Note: Mutual authentication can be used when both the server and the client authenticate each other.
Many Azure services support TLS authentication by default. For services where the user can enable or disable TLS, ensure it is always enabled to support server/service authentication. Your client application should also be designed to verify the server/service identity (by verifying that the server’s certificate was issued by a trusted certificate authority) during the handshake stage.
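As an added example (not part of the policy definition or of any Microsoft code), the following offline check flags API Management backend definitions that switch off certificate validation, the condition the policy above is named for. It assumes the backends have been exported as JSON in the ARM resource shape, where the `tls` block carries `validateCertificateChain` and `validateCertificateName`, and that an omitted flag leaves validation on; the backend names and URLs are constructed sample data.

```python
# Added example: offline audit of exported API Management backend definitions.
# Assumption: each item follows the ARM resource shape for
# Microsoft.ApiManagement/service/backends, with validation flags under
# properties.tls. An omitted flag is treated as "validation enabled".

TLS_FLAGS = ("validateCertificateChain", "validateCertificateName")


def bypassed_checks(backend):
    """Return the TLS validation flags that this backend explicitly disables."""
    tls = (backend.get("properties") or {}).get("tls") or {}
    return [flag for flag in TLS_FLAGS if tls.get(flag) is False]


def audit(backends):
    """Map backend name -> disabled checks, listing non-compliant backends only."""
    findings = {}
    for backend in backends:
        disabled = bypassed_checks(backend)
        if disabled:
            findings[backend.get("name", "<unnamed>")] = disabled
    return findings


# Constructed sample input (names and URLs are placeholders).
BACKENDS = [
    {"name": "orders-api",
     "properties": {"url": "https://orders.example.internal",
                    "tls": {"validateCertificateChain": True,
                            "validateCertificateName": True}}},
    {"name": "legacy-erp",
     "properties": {"url": "https://erp.example.internal",
                    "tls": {"validateCertificateChain": False,
                            "validateCertificateName": True}}},
    {"name": "partner-gw",  # no tls block: defaults apply
     "properties": {"url": "https://partner.example.net"}},
    {"name": "dev-mock",
     "properties": {"url": "https://mock.example.internal",
                    "tls": {"validateCertificateChain": False,
                            "validateCertificateName": False}}},
]

if __name__ == "__main__":
    for name, disabled in audit(BACKENDS).items():
        print(f"NON-COMPLIANT {name}: disabled {', '.join(disabled)}")
```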
**Implementation and additional context:**
Enforce Transport Layer Security (TLS) for a storage account: