Ensure that your Microsoft Azure App Service web applications are configured to require a client SSL/TLS certificate on all incoming requests, for security and compliance purposes. Once this setting is enabled, only web clients that present a valid client certificate can reach your web application. By default, incoming client certificates are disabled for Azure App Service web applications.
This rule resolution is part of the Conformity Security & Compliance tool for Azure.
SSL/TLS mutual authentication, as used in enterprise cloud environments, lets the application server verify the identity of the web client, not just the other way round. If incoming client certificates are enabled, only a client that authenticates with a valid SSL/TLS certificate can access the web application.
Audit
To determine if your Azure App Service web applications are configured to require client certificates for incoming requests, perform the following actions:
Remediation / Resolution
To update the TLS/SSL configuration settings available for your Microsoft Azure App Service web applications in order to require client certificates for incoming requests, perform the following actions:
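The audit and remediation steps above both come down to reading and setting the `clientCertEnabled` property of each web app. The following POSIX shell script is an added example written for this page, not Conformity's or Microsoft's own tooling; it runs offline against a constructed inventory (labelled as such in the code) shaped like the output of `az webapp list --query "[].[name,resourceGroup,clientCertEnabled]" -o tsv`, reports the apps that do not require client certificates, and prints (without executing) the `az webapp update` command that remediates each one. The app names and resource groups are made up.

```shell
#!/bin/sh
# Constructed sample inventory (not output from any real tenant) in the shape that
#   az webapp list --query "[].[name,resourceGroup,clientCertEnabled]" -o tsv
# produces: one app per line, fields separated by a tab. The az CLI renders
# booleans in tsv output as True/False, so the check below is case-insensitive.
SAMPLE_INVENTORY="$(printf 'webapp-public-01\trg-prod\tFalse\nwebapp-partner-api\trg-prod\tTrue\nwebapp-legacy\trg-legacy\tfalse\n')"

TAB="$(printf '\t')"

# Audit: print "name<TAB>resourceGroup" for every app whose clientCertEnabled
# is anything other than true (i.e. incoming client certificates are not required).
list_noncompliant() {
    printf '%s\n' "$1" | while IFS="$TAB" read -r name rg cert; do
        [ -n "$name" ] || continue
        case "$(printf '%s' "$cert" | tr '[:upper:]' '[:lower:]')" in
            true) ;;                                 # compliant, nothing to report
            *)    printf '%s\t%s\n' "$name" "$rg" ;; # non-compliant
        esac
    done
}

# Remediation: emit the az CLI command that enables the setting for each
# non-compliant app. Commands are printed for review, not executed.
remediation_commands() {
    list_noncompliant "$1" | while IFS="$TAB" read -r name rg; do
        printf 'az webapp update --resource-group %s --name %s --set clientCertEnabled=true\n' "$rg" "$name"
    done
}

# Stand-alone run: show the findings and the proposed fixes for the sample inventory.
echo "Apps that do not require incoming client certificates:"
list_noncompliant "$SAMPLE_INVENTORY"
echo
echo "Proposed remediation:"
remediation_commands "$SAMPLE_INVENTORY"
```

Against a real subscription, replace `SAMPLE_INVENTORY` with the output of the `az webapp list` query shown in the comment, and confirm a single app afterwards with `az webapp show --resource-group <group> --name <app> --query clientCertEnabled`. One caveat worth keeping in mind: enabling `clientCertEnabled` makes App Service demand a certificate from the client and forward it to your code; validating that certificate (issuer, subject, expiry, revocation) remains the responsibility of the application itself.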
References
- Azure Official Documentation
- Azure App Service TLS overview
- Configure TLS mutual authentication for Azure App Service
- CIS Microsoft Azure Foundations
- Azure PowerShell Documentation
- az webapp list
- az webapp show
- az webapp update
- az webapp config show