Ensure that registration with Microsoft Entra ID is enabled for Microsoft Azure App Service web applications so that your applications can connect to other Azure cloud services securely without needing access credentials such as user names and passwords.
This rule resolution is part of the Conformity Security & Compliance tool for Azure.
App Service is a highly scalable and self-patching web hosting service provided by Microsoft Azure. The service also provides a managed identity for your web applications, which is a turn-key solution for securing access to other Azure cloud services. A system-assigned managed identity registered in Microsoft Entra ID enables App Service web applications to authenticate to cloud services such as Azure Key Vault and Azure Storage without storing credentials in the application code.
Audit
To determine if registration with Microsoft Entra ID is enabled for your App Service web applications, perform the following actions:
Remediation / Resolution
To enable registration with Microsoft Entra ID so that your web applications can securely access other Azure cloud services without using credentials stored in the application code, perform the following actions:
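As an added example (not part of the original rule page), the audit and remediation above can be scripted around the Azure CLI: the check inspects each web app's `az webapp identity show` result for a system-assigned identity and emits the matching `az webapp identity assign` command for any app that fails. The app names, resource groups and identity JSON below are constructed samples, and the assumed output shape of `az webapp identity show` is noted in the comments.

```python
import shlex
from typing import Dict, List, Optional

# Constructed sample of `az webapp list` output, reduced to the two fields the
# check needs (app names and resource groups are made up for this example).
SAMPLE_APPS: List[Dict[str, str]] = [
    {"name": "webapp-prod", "rg": "rg-prod"},
    {"name": "webapp-legacy", "rg": "rg-prod"},
    {"name": "webapp-shared", "rg": "rg-shared"},
]

# Constructed `az webapp identity show` results keyed by app name. Assumption:
# the command prints a JSON object whose "type" is "SystemAssigned",
# "UserAssigned" or "SystemAssigned, UserAssigned", and an empty object when
# no managed identity has been registered for the app.
SAMPLE_IDENTITIES: Dict[str, dict] = {
    "webapp-prod": {"type": "SystemAssigned", "principalId": "<placeholder-guid>"},
    "webapp-legacy": {},
    "webapp-shared": {"type": "UserAssigned", "userAssignedIdentities": {"<placeholder-id>": {}}},
}


def has_system_assigned_identity(identity: Optional[dict]) -> bool:
    """True only when a system-assigned identity is present; a user-assigned
    identity on its own does not satisfy this rule."""
    identity_type = (identity or {}).get("type") or ""
    return "SystemAssigned" in [part.strip() for part in identity_type.split(",")]


def audit(apps: List[Dict[str, str]], identities: Dict[str, dict]) -> List[str]:
    """Return the names of web apps that are not registered with Entra ID."""
    return [app["name"] for app in apps
            if not has_system_assigned_identity(identities.get(app["name"]))]


def remediation_commands(apps: List[Dict[str, str]],
                         identities: Dict[str, dict]) -> List[str]:
    """Build the `az webapp identity assign` command for each non-compliant app."""
    failing = set(audit(apps, identities))
    return [f"az webapp identity assign --name {shlex.quote(app['name'])} "
            f"--resource-group {shlex.quote(app['rg'])}"
            for app in apps if app["name"] in failing]


if __name__ == "__main__":
    for name in audit(SAMPLE_APPS, SAMPLE_IDENTITIES):
        print(f"NON-COMPLIANT: {name}")
    print("\n".join(remediation_commands(SAMPLE_APPS, SAMPLE_IDENTITIES)))
```

Feed the functions real output from `az webapp list` and `az webapp identity show --name <app> --resource-group <group> -o json` to run the check against a live subscription.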