last sync: 2024-Oct-07 17:51:17 UTC

Function apps should have authentication enabled

Azure BuiltIn Policy definition

Source Azure Portal
Display name Function apps should have authentication enabled
Id c75248c1-ea1d-4a9c-8fc9-29a6aabd5da8
Version 3.0.0
Details on versioning
Versioning Versions supported for Versioning: 1
3.0.0
Built-in Versioning [Preview]
Category App Service
Microsoft Learn
Description Azure App Service Authentication is a feature that can prevent anonymous HTTP requests from reaching the Function app, or authenticate those that have tokens before they reach the Function app.
Mode Indexed
Type BuiltIn
Preview False
Deprecated False
Effect Default
AuditIfNotExists
Allowed
AuditIfNotExists, Disabled
RBAC role(s) none
Rule aliases THEN-ExistenceCondition (1)
Alias Namespace ResourceType Path PathIsDefault DefaultPath Modifiable
Microsoft.Web/sites/config/siteAuthEnabled Microsoft.Web sites/config properties.siteAuthEnabled True False
Rule resource types IF (1)
Microsoft.Web/sites
Compliance
The following 7 compliance controls are associated with this Policy definition 'Function apps should have authentication enabled' (c75248c1-ea1d-4a9c-8fc9-29a6aabd5da8)
Control Domain Control Name MetadataId Category Title Owner Requirements Description Info Policy#
CIS_Azure_1.1.0 9.1 CIS_Azure_1.1.0_9.1 CIS Microsoft Azure Foundations Benchmark recommendation 9.1 9 AppService Ensure App Service Authentication is set on Azure App Service Shared The customer is responsible for implementing this recommendation. Azure App Service Authentication is a feature that can prevent anonymous HTTP requests from reaching the API app, or authenticate those that have tokens before they reach the API app. If an anonymous request is received from a browser, App Service will redirect to a logon page. To handle the logon process, a choice from a set of identity providers can be made, or a custom authentication mechanism can be implemented. link 5
CIS_Azure_1.3.0 9.1 CIS_Azure_1.3.0_9.1 CIS Microsoft Azure Foundations Benchmark recommendation 9.1 9 AppService Ensure App Service Authentication is set on Azure App Service Shared The customer is responsible for implementing this recommendation. Azure App Service Authentication is a feature that can prevent anonymous HTTP requests from reaching the API app, or authenticate those that have tokens before they reach the API app. If an anonymous request is received from a browser, App Service will redirect to a logon page. To handle the logon process, a choice from a set of identity providers can be made, or a custom authentication mechanism can be implemented. link 5
CIS_Azure_1.4.0 9.1 CIS_Azure_1.4.0_9.1 CIS Microsoft Azure Foundations Benchmark recommendation 9.1 9 AppService Ensure App Service Authentication is set up for apps in Azure App Service Shared The customer is responsible for implementing this recommendation. Azure App Service Authentication is a feature that can prevent anonymous HTTP requests from reaching the API app, or authenticate those that have tokens before they reach the API app. If an anonymous request is received from a browser, App Service will redirect to a logon page. To handle the logon process, a choice from a set of identity providers can be made, or a custom authentication mechanism can be implemented. link 5
CIS_Azure_2.0.0 9.1 CIS_Azure_2.0.0_9.1 CIS Microsoft Azure Foundations Benchmark recommendation 9.1 9 Ensure App Service Authentication is set up for apps in Azure App Service Shared This is only required for App Services which require authentication. Enabling on site like a marketing or support website will prevent unauthenticated access which would be undesirable. Adding Authentication requirement will increase cost of App Service and require additional security components to facilitate the authentication. Azure App Service Authentication is a feature that can prevent anonymous HTTP requests from reaching a Web Application or authenticate those with tokens before they reach the app. If an anonymous request is received from a browser, App Service will redirect to a logon page. To handle the logon process, a choice from a set of identity providers can be made, or a custom authentication mechanism can be implemented. By Enabling App Service Authentication, every incoming HTTP request passes through it before being handled by the application code. It also handles authentication of users with the specified provider (Azure Active Directory, Facebook, Google, Microsoft Account, and Twitter), validation, storing and refreshing of tokens, managing the authenticated sessions and injecting identity information into request headers. link 5
New_Zealand_ISM 14.5.8.C.01 New_Zealand_ISM_14.5.8.C.01 New_Zealand_ISM_14.5.8.C.01 14. Software security Web Application Development - Web applications n/a The Open Web Application Security Project guide provides a comprehensive resource to consult when developing Web applications. 18
NZ_ISM_v3.5 SS-9 NZ_ISM_v3.5_SS-9 NZISM Security Benchmark SS-9 Software security 14.5.8 Web applications Customer n/a The Open Web Application Security Project guide provides a comprehensive resource to consult when developing Web applications. link 12
RMiT_v1.0 10.54 RMiT_v1.0_10.54 RMiT 10.54 Access Control Access Control - 10.54 Shared n/a A financial institution must implement an appropriate access controls policy for the identification, authentication and authorisation of users (internal and external users such as third party service providers). This must address both logical and physical technology access controls which are commensurate with the level of risk of unauthorised access to its technology systems. link 17
Initiatives usage
Initiative DisplayName Initiative Id Initiative Category State Type
[Deprecated]: New Zealand ISM Restricted v3.5 93d2179e-3068-c82f-2428-d614ae836a04 Regulatory Compliance Deprecated BuiltIn
[Preview]: Control the use of App Service in a Virtual Enclave 528d78c5-246c-4f26-ade6-d30798705411 VirtualEnclaves Preview BuiltIn
CIS Microsoft Azure Foundations Benchmark v1.1.0 1a5bb27d-173f-493e-9568-eb56638dde4d Regulatory Compliance GA BuiltIn
CIS Microsoft Azure Foundations Benchmark v1.3.0 612b5213-9160-4969-8578-1518bd2a000c Regulatory Compliance GA BuiltIn
CIS Microsoft Azure Foundations Benchmark v1.4.0 c3f5c4d9-9a1d-4a99-85c0-7f93e384d5c5 Regulatory Compliance GA BuiltIn
CIS Microsoft Azure Foundations Benchmark v2.0.0 06f19060-9e68-4070-92ca-f15cc126059e Regulatory Compliance GA BuiltIn
New Zealand ISM 4f5b1359-4f8e-4d7c-9733-ea47fcde891e Regulatory Compliance GA BuiltIn
RMIT Malaysia 97a6d4f1-3bed-4cf4-ac5b-0e444c0408d6 Regulatory Compliance GA BuiltIn
History
Date/Time (UTC ymd) (i) Change type Change detail
2022-07-01 16:32:34 change Major (2.0.0 > 3.0.0)
2022-04-01 20:29:14 change Major (1.0.0 > 2.0.0)
2019-12-11 09:18:30 add c75248c1-ea1d-4a9c-8fc9-29a6aabd5da8
JSON compare
compare mode: version left: version right:
JSON
api-version=2021-06-01
EPAC