AzPolicyAdvertizer

last sync: 2021-Sep-24 16:09:49 UTC

Azure Policy definition

Authentication should be enabled on your Function app

Name Authentication should be enabled on your Function app
Azure Portal
Id c75248c1-ea1d-4a9c-8fc9-29a6aabd5da8
Version 1.0.0
details on versioning
Category App Service
Microsoft docs
Description Azure App Service Authentication is a feature that can prevent anonymous HTTP requests from reaching the Function app, or authenticate those that have tokens before they reach the Function app
Mode Indexed
Type BuiltIn
Preview FALSE
Deprecated FALSE
Effect Default: AuditIfNotExists
Allowed: (AuditIfNotExists, Disabled)
Used RBAC Role none
History
Date/Time (UTC ymd) (i) Change type Change detail
2019-12-11 09:18:30 add c75248c1-ea1d-4a9c-8fc9-29a6aabd5da8
Used in Initiatives
Initiative DisplayName Initiative Id Initiative Category State
CIS Microsoft Azure Foundations Benchmark v1.1.0 1a5bb27d-173f-493e-9568-eb56638dde4d Regulatory Compliance GA
CIS Microsoft Azure Foundations Benchmark v1.3.0 612b5213-9160-4969-8578-1518bd2a000c Regulatory Compliance GA
JSON 
{
  "displayName": "Authentication should be enabled on your Function app",
  "policyType": "BuiltIn",
  "mode": "Indexed",
  "description": "Azure App Service Authentication is a feature that can prevent anonymous HTTP requests from reaching the Function app, or authenticate those that have tokens before they reach the Function app",
  "metadata": {
    "version": "1.0.0",
    "category": "App Service"
  },
  "parameters": {
    "effect": {
      "type": "String",
      "metadata": {
        "displayName": "Effect",
        "description": "Enable or disable the execution of the policy"
      },
      "allowedValues": [
        "AuditIfNotExists",
        "Disabled"
      ],
      "defaultValue": "AuditIfNotExists"
    }
  },
  "policyRule": {
    "if": {
      "allOf": [
        {
          "field": "type",
          "equals": "Microsoft.Web/sites"
        },
        {
          "field": "kind",
          "equals": "functionapp"
        }
      ]
    },
    "then": {
      "effect": "[parameters('effect')]",
      "details": {
        "type": "Microsoft.Web/sites/config",
        "name": "web",
        "existenceCondition": {
          "field": "Microsoft.Web/sites/config/siteAuthEnabled",
          "equals": "true"
        }
      }
    }
  }
}