last sync: 2021-Sep-24 16:09:49 UTC

Azure Policy definition

Authentication should be enabled on your web app

Name Authentication should be enabled on your web app
Azure Portal
Id 95bccee9-a7f8-4bec-9ee9-62c3473701fc
Version 1.0.0
details on versioning
Category App Service
Microsoft docs
Description Azure App Service Authentication is a feature that can prevent anonymous HTTP requests from reaching the web app, or authenticate those that have tokens before they reach the web app
Mode Indexed
Type BuiltIn
Preview FALSE
Deprecated FALSE
Effect Default: AuditIfNotExists
Allowed: (AuditIfNotExists, Disabled)
Used RBAC Role none
History
Date/Time (UTC ymd) (i) Change type Change detail
2019-12-11 09:18:30 add 95bccee9-a7f8-4bec-9ee9-62c3473701fc
Used in Initiatives
Initiative DisplayName Initiative Id Initiative Category State
CIS Microsoft Azure Foundations Benchmark v1.1.0 1a5bb27d-173f-493e-9568-eb56638dde4d Regulatory Compliance GA
CIS Microsoft Azure Foundations Benchmark v1.3.0 612b5213-9160-4969-8578-1518bd2a000c Regulatory Compliance GA
JSON
{
  "displayName": "Authentication should be enabled on your web app",
  "policyType": "BuiltIn",
  "mode": "Indexed",
  "description": "Azure App Service Authentication is a feature that can prevent anonymous HTTP requests from reaching the web app, or authenticate those that have tokens before they reach the web app",
  "metadata": {
    "version": "1.0.0",
    "category": "App Service"
  },
  "parameters": {
    "effect": {
      "type": "String",
      "metadata": {
        "displayName": "Effect",
        "description": "Enable or disable the execution of the policy"
      },
      "allowedValues": [
        "AuditIfNotExists",
        "Disabled"
      ],
      "defaultValue": "AuditIfNotExists"
    }
  },
  "policyRule": {
    "if": {
      "allOf": [
        {
          "field": "type",
          "equals": "Microsoft.Web/sites"
        },
        {
          "field": "kind",
          "like": "app*"
        }
      ]
    },
    "then": {
      "effect": "[parameters('effect')]",
      "details": {
        "type": "Microsoft.Web/sites/config",
        "name": "web",
        "existenceCondition": {
          "field": "Microsoft.Web/sites/config/siteAuthEnabled",
          "equals": "true"
        }
      }
    }
  }
}