Disabling local authentication methods for SCM sites improves security by ensuring that App Services exclusively require Microsoft Entra identities for authentication. Learn more at: https://aka.ms/app-service-disable-basic-auth.
The following 1 compliance control is associated with this policy definition 'App Service apps should have local authentication methods disabled for SCM site deployments' (aede300b-d67f-480a-ae26-4b3dfb1a1fdc)
IM-1 Use centralized identity and authentication system
Shared
**Security Principle:**
Use a centralized identity and authentication system to govern your organization's identities and authentications for cloud and non-cloud resources.
**Azure Guidance:**
Microsoft Entra ID is Azure's identity and authentication management service. You should standardize on Microsoft Entra ID to govern your organization's identity and authentication in:
- Microsoft cloud resources, such as Azure Storage, Azure Virtual Machines (Linux and Windows), Azure Key Vault, PaaS, and SaaS applications.
- Your organization's resources, such as applications on Azure, third-party applications running on your corporate network resources, and third-party SaaS applications.
- Your enterprise identities in Active Directory by synchronization to Microsoft Entra ID to ensure a consistent and centrally managed identity strategy.
Note: As soon as it is technically feasible, you should migrate on-premises Active Directory based applications to Microsoft Entra ID. This could be a Microsoft Entra Enterprise Directory, Business to Business configuration, or Business to consumer configuration.
**Implementation and additional context:**
Tenancy in Microsoft Entra ID:
https://docs.microsoft.com/azure/active-directory/develop/single-and-multi-tenant-apps
How to create and configure a Microsoft Entra instance:
https://docs.microsoft.com/azure/active-directory/fundamentals/active-directory-access-create-new-tenant
Define Microsoft Entra ID tenants:
https://azure.microsoft.com/resources/securing-azure-environments-with-azure-active-directory/
Use external identity providers for an application:
https://docs.microsoft.com/azure/active-directory/b2b/identity-providers
"displayName": "App Service apps should have local authentication methods disabled for SCM site deployments",
3
"policyType": "BuiltIn",
4
"mode": "Indexed",
5
- "description": "Disabling local authentication methods improves security by ensuring that App Service exclusively require Azure Active Directory identities for authentication. Learn more at: https://aka.ms/app-service-disable-basic-auth.",
6
"metadata": {
7
- "version": "1.0.2",
8
"category": "App Service"
9
},
10
"parameters": {
11
"effect": {
1
{
2
"displayName": "App Service apps should have local authentication methods disabled for SCM site deployments",
3
"policyType": "BuiltIn",
4
"mode": "Indexed",
5
+ "description": "Disabling local authentication methods for SCM sites improves security by ensuring that App Services exclusively require Azure Active Directory identities for authentication. Learn more at: https://aka.ms/app-service-disable-basic-auth.",
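Review bot: The removed `"version": "1.0.2"` line under `metadata` has no visible replacement in this diff, so confirm the added side carries a bumped version to match the reworded description. The new description correctly narrows the wording to SCM sites, in line with the displayName, but it still names "Azure Active Directory"; the current definition text on this page uses "Microsoft Entra", so the product name could be aligned in the same change.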
displayName: "App Service apps should have local authentication methods disabled for SCM site deployments",
policyType: "BuiltIn",
mode: "Indexed",
description: "Disabling local authentication methods for SCM sites improves security by ensuring that App Services exclusively require Microsoft Entra identities for authentication. Learn more at: https://aka.ms/app-service-disable-basic-auth.",