Logo of Trend Micro
Use the Conformity Knowledge Base AI to help improve your Cloud Posture

Enable Health Checks

Trend Cloud One™ – Conformity is a continuous assurance tool that provides peace of mind for your cloud infrastructure, delivering over 1000 automated best practice checks.

Risk Level: Medium (should be achieved)

Ensure that your Microsoft Azure App Service web applications are configured to use health checks for uninterrupted service. Health checks enhance your web application's availability by automatically removing unhealthy instances from the load balancer. If an instance continues to be unhealthy, it will be replaced.

Reliability
Operational
excellence

Enabling and configuring health checks for your Microsoft Azure App Service web applications ensures high availability by automatically detecting and removing unhealthy instances, leading to improved reliability and performance for your workloads.

Audit

To determine if your Azure App Service web applications are configured to use health checks, perform the following operations:

Using Azure Console

01 Sign in to the Azure Management Console.

02 Navigate to App Services blade available at https://portal.azure.com/#browse/Microsoft.Web%2Fsites.

03 Click on the name of the App Service web application that you want to examine, listed in the Name column.

04 In the resource navigation panel, under Monitoring, choose Health check to access the health check settings available for the selected web application.

05 Select the Health check tab and check the Health check configuration setting to determine the feature status. If Health check is set to Disable, the selected Microsoft Azure App Service web application is not configured to use health checks for uninterrupted service.

06 Repeat steps no. 3 – 5 for each Azure App Service web application deployed in the current subscription.

07 Repeat steps no. 3 – 6 for each subscriptions created in your Microsoft Azure cloud account.

Using Azure CLI

01 Run webapp list command (Windows/macOS/Linux) with custom query filters to list the IDs of all App Service web applications available in your current Azure subscription: 

az webapp list
  --query '[*].id'

02 The command output should return the requested web application IDs: 

[
	"/subscriptions/1234abcd-1234-abcd-1234-abcd1234abcd/resourceGroups/cloud-shell-storage-westeurope/providers/Microsoft.Web/sites/cc-ecommerce-app",
	"/subscriptions/1234abcd-1234-abcd-1234-abcd1234abcd/resourceGroups/cloud-shell-storage-westeurope/providers/Microsoft.Web/sites/cc-main-webapp"
]

03 Run webapp config show command (Windows/macOS/Linux) with the ID of the Azure App Service web application that you want to examine as the identifier parameter, to determine if the Health Check feature is enabled for the selected application, by checking for the health probe path: 

az webapp config show
  --ids "/subscriptions/1234abcd-1234-abcd-1234-abcd1234abcd/resourceGroups/cloud-shell-storage-westeurope/providers/Microsoft.Web/sites/cc-ecommerce-app"
  --query '{healthCheckPath:healthCheckPath}'

04 The command output should return the relative path of the health check probe configured for the selected application: 

{
	"healthCheckPath": null
}

If the webapp config show command output returns null for "healthCheckPath", as shown in the example above, there is no health probe path defined, therefore, the selected Microsoft Azure App Service web application is not configured to use health checks.

05 Repeat steps no. 3 and 4 for each Azure App Service application deployed within the current subscription.

06 Repeat steps no. 1 – 5 for each subscription available in your Microsoft Azure cloud account.

Remediation / Resolution

To enable and configure the Health Check feature for your Microsoft Azure App Service web applications in order to ensure uninterrupted service, perform the following operations:

Enabling health checks for Azure App Service web applications using Azure CLI or Azure PowerShell is not currently supported.

Using Azure Console

01 Sign in to the Azure Management Console.

02 Navigate to App Services blade available at https://portal.azure.com/#browse/Microsoft.Web%2Fsites.

03 Click on the name of the App Service web application that you want to configure, listed in the Name column.

04 In the resource navigation panel, under Monitoring, choose Health check to access the health check settings available for the selected web application.

05 Select the Health check tab and perform the following actions to enable and configure the Health Check feature for your application:

  1. Set Health check to Enable.
  2. For Health probe path, provide the relative path of the health check probe in the Path box. A valid health probe path starts with / (e.g. /api/health).
  3. For Unhealthy instance removal, use the Load balancing threshold slider to configure the threshold until a failing instance is considered unhealthy and removed from the application load balancer.
  4. Choose Save to apply the configuration changes.
  5. In the Save health check settings box, choose Save to confirm the changes. This will restart your web application.

06 Repeat steps no. 3 – 5 for each Azure App Service web application that you want to configure, available within the current Azure subscription.

07 Repeat steps no. 3 – 6 for each subscription created in your Microsoft Azure cloud account.

References

Publication date Aug 26, 2024

Related AppService rules