last sync: 2025-Mar-26 20:41:27 UTC

[Deprecated]: API App should only be accessible over HTTPS

Azure BuiltIn Policy definition

Source Azure Portal
Display name [Deprecated]: API App should only be accessible over HTTPS
Id b7ddfbdc-1260-477d-91fd-98bd9be789a6
Version 1.0.0-deprecated
Details on versioning
Versioning Versions supported for Versioning: 1
1.0.0 (1.0.0-deprecated)
Built-in Versioning [Preview]
Category App Service
Microsoft Learn
Description Use of HTTPS ensures server/service authentication and protects data in transit from network layer eavesdropping attacks. We recommend all customers who are still using API Apps to implement the built-in policy called 'App Service apps should only be accessible over HTTPS', which is scoped to include API apps in addition to Web Apps.
Cloud environments AzureCloud = true
AzureUSGovernment = unknown
AzureChinaCloud = unknown
Available in AzUSGov Unknown, no evidence if Policy definition is/not available in AzureUSGovernment
Assessment(s) Assessments count: 1
Assessment Id: bf82a334-13b6-ca57-ea75-096fc2ffce50
DisplayName: API App should only be accessible over HTTPS
Description: Use of HTTPS ensures server/service authentication and protects data in transit from network layer eavesdropping attacks.
Remediation description: To redirect all HTTP traffic to HTTPS, we recommend the following steps:
1. Go to the API App custom domains page
2. In the HTTPS Only toggle select On
Categories: AppServices
Severity: Medium
User impact: Moderate
Implementation effort: Low
Threats: DataExfiltration, DataSpillage, MaliciousInsider
Mode Indexed
Type BuiltIn
Preview False
Deprecated True
Effect Default
Audit
Allowed
Audit, Disabled
RBAC role(s) none
Rule aliases IF (1)
Alias Namespace ResourceType Path PathIsDefault DefaultPath Modifiable
Microsoft.Web/sites/httpsOnly Microsoft.Web sites properties.httpsOnly True True
Rule resource types IF (1)
Microsoft.Web/sites
Compliance Not a Compliance control
Initiatives usage none
History
Date/Time (UTC ymd) (i) Change type Change detail
2022-06-07 16:30:19 change Version remains equal, new suffix: deprecated (1.0.0 > 1.0.0-deprecated)
JSON compare
compare mode: version left: version right:
JSON
api-version=2021-06-01
EPAC