Source | Azure Portal | ||||||||||||||
Display name | [Deprecated]: API App should only be accessible over HTTPS | ||||||||||||||
Id | b7ddfbdc-1260-477d-91fd-98bd9be789a6 | ||||||||||||||
Version | 1.0.0-deprecated Details on versioning |
||||||||||||||
Versioning |
Versions supported for Versioning: 1 1.0.0 (1.0.0-deprecated) Built-in Versioning [Preview] |
||||||||||||||
Category | App Service Microsoft Learn |
||||||||||||||
Description | Use of HTTPS ensures server/service authentication and protects data in transit from network layer eavesdropping attacks. We recommend all customers who are still using API Apps to implement the built-in policy called 'App Service apps should only be accessible over HTTPS', which is scoped to include API apps in addition to Web Apps. | ||||||||||||||
Cloud environments | AzureCloud = true AzureUSGovernment = unknown AzureChinaCloud = unknown |
||||||||||||||
Available in AzUSGov | Unknown, no evidence if Policy definition is/not available in AzureUSGovernment | ||||||||||||||
Assessment(s) |
Assessments count: 1 Assessment Id: bf82a334-13b6-ca57-ea75-096fc2ffce50 DisplayName: API App should only be accessible over HTTPS Description: Use of HTTPS ensures server/service authentication and protects data in transit from network layer eavesdropping attacks. Remediation description: To redirect all HTTP traffic to HTTPS, we recommend the following steps: 1. Go to the API App custom domains page 2. In the HTTPS Only toggle select On Categories: AppServices Severity: Medium User impact: Moderate Implementation effort: Low Threats: DataExfiltration, DataSpillage, MaliciousInsider |
||||||||||||||
Mode | Indexed | ||||||||||||||
Type | BuiltIn | ||||||||||||||
Preview | False | ||||||||||||||
Deprecated | True | ||||||||||||||
Effect | Default Audit Allowed Audit, Disabled |
||||||||||||||
RBAC role(s) | none | ||||||||||||||
Rule aliases | IF (1)
|
||||||||||||||
Rule resource types | IF (1) Microsoft.Web/sites |
||||||||||||||
Compliance | Not a Compliance control | ||||||||||||||
Initiatives usage | none | ||||||||||||||
History |
|
||||||||||||||
JSON compare |
compare mode:
version left:
version right:
|
||||||||||||||
JSON |
|