Source | Azure Portal
Display name | [Deprecated]: Managed identity should be used in your API App
Id | c4d441f8-f9d9-4a9e-9cef-e82117cb3eef
Version | 2.0.0-deprecated
Versioning | Versions supported for Versioning: 1; 2.0.0 (2.0.0-deprecated)
Category | App Service
Description | Use a managed identity for enhanced authentication security. We recommend all customers who are still using API Apps to implement the built-in policy called 'App Service apps should use managed identity', which is scoped to include API apps in addition to Web Apps.
Cloud environments | AzureCloud = true; AzureUSGovernment = unknown; AzureChinaCloud = unknown
Available in AzUSGov | Unknown; no evidence whether the policy definition is available in AzureUSGovernment
Assessment(s) | Assessments count: 1
  Assessment Id: cc6d1865-7617-3cb2-cf7d-4cfc01ece1df
  DisplayName: Managed identity should be used in API apps
  Description: Using a managed identity in API apps on Azure significantly enhances authentication security. Managed identities provide an identity for the Azure resource in Azure AD, which is used to obtain Azure AD tokens, eliminating the need for developers to manage credentials. Without this, the management of credentials could become complex and potentially lead to security vulnerabilities. Therefore, we recommend using managed identities in API apps to ensure secure and efficient authentication.
  Remediation description: To create a managed identity for your API app:
    1. Go to the App Service for your API app
    2. Scroll to the Settings group in the left navigation
    3. Select Identity
    4. Use System assigned or User assigned identity following the steps described in this doc: https://aka.ms/managed-identity
  Categories: AppServices
  Severity: Medium
  preview: True
Mode | Indexed
Type | BuiltIn
Preview | False
Deprecated | True
Effect | Default: AuditIfNotExists; Allowed: AuditIfNotExists, Disabled
RBAC role(s) | none
Rule aliases | THEN-ExistenceCondition (2)
Rule resource types | IF (1)
Compliance | Not a Compliance control
Initiatives usage | none
History |
JSON |