Ensure that registration with Azure Active Directory (AAD) is enabled for Microsoft Azure App Service web applications so that your applications can connect to other Azure cloud services securely without needing access credentials such as user names and passwords.
This rule resolution is part of the Conformity Security & Compliance tool for Azure.
App Service is a highly scalable, self-patching web hosting service provided by Microsoft Azure. The service also provides a managed identity for your web applications, which is a turn-key solution for securing access to other Azure cloud services. A system-assigned managed identity registered in Azure Active Directory (AAD) enables App Service web applications to authenticate to cloud services such as Azure Key Vault and Azure Storage without storing credentials within the application code.
Audit
To determine if registration with Azure Active Directory is enabled for your App Service web applications, perform the following actions:
Remediation / Resolution
To enable registration with Microsoft Azure Active Directory (AAD) so that your web applications can securely access other Azure cloud services without using credentials stored in the application code, perform the following actions:
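One way to script the audit and the remediation with the Azure CLI, added here as an example and not taken from Conformity's own steps. The function names are hypothetical, and the script assumes `az login` has been run and the subscription to audit is selected.

```shell
#!/bin/sh
# Added example (not Conformity's steps). Assumes `az login` has been run and
# the subscription to audit is selected. Function names are hypothetical.

# Print "<resource-group>/<app>" for each web app with no system-assigned
# identity. Returns 0 when every app has one, 1 otherwise.
audit_webapp_identities() {
  local apps rg name principal status=0
  apps=$(az webapp list --query "[].[resourceGroup, name]" --output tsv)
  while IFS="$(printf '\t')" read -r rg name; do
    [ -n "$name" ] || continue
    # Empty output means no principalId was returned for this app.
    principal=$(az webapp identity show --resource-group "$rg" \
      --name "$name" --query principalId --output tsv </dev/null)
    if [ -z "$principal" ]; then
      echo "$rg/$name"
      status=1
    fi
  done <<EOF
$apps
EOF
  return "$status"
}

# Assign a system-assigned identity to every app the audit reports.
remediate_webapp_identities() {
  local entry
  { audit_webapp_identities || true; } | while IFS= read -r entry; do
    az webapp identity assign --resource-group "${entry%%/*}" \
      --name "${entry#*/}" </dev/null >/dev/null
  done
}
```

Run `audit_webapp_identities` first and review the listed apps before calling `remediate_webapp_identities`; an identity only becomes useful once it has been granted access on the target service, for example in a Key Vault access policy.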
You are auditing:
Enable Registration with Azure Active Directory
Risk Level: Medium