Turbot Guardrails Hub 
Hub
  • Mods
  • Policy Packs
  • Docs
  • Home
ModsPolicy PacksDocsHome
Mods
Azure
Loading policies...

Policy: Azure > CIS v3.0 > 09 - Application Services > 09.02 - Ensure App Service Authentication is set up for apps in Azure App Service

Configures auditing against a CIS Benchmark item.

Level: 2

Azure App Service Authentication is a feature that can prevent anonymous HTTP requests from reaching a Web Application or authenticate those with tokens before they reach the app. If an anonymous request is received from a browser, App Service will redirect to a logon page. To handle the logon process, a choice from a set of identity providers can be made, or a custom authentication mechanism can be implemented.

By Enabling App Service Authentication, every incoming HTTP request passes through it before being handled by the application code. It also handles authentication of users with the specified provider (Entra ID, Facebook, Google, Microsoft Account, and Twitter), validation, storing and refreshing of tokens, managing the authenticated sessions and injecting identity information into request headers. Disabling HTTP Basic Authentication functionality further ensures legacy authentication methods are disabled within the application.

Targets

This policy targets the following resource types:

  • Azure > App Service > Web App

Primary Policy

This policy is used with the following primary policy:

  • Azure > CIS v3.0 > 09 - Application Services

Controls

Setting this policy configures this control:

  • Azure > CIS v3.0 > 09 - Application Services > 09.02 - Ensure App Service Authentication is set up for apps in Azure App Service

Policy Specification

Schema Type
string
Default
Per Azure > CIS v3.0 > 09 - Application Services
Valid Values [YAML]
  • Per Azure > CIS v3.0 > 09 - Application Services

  • Skip

  • Check: Benchmark

Category

  • CIS > Controls v7 > 14 Controlled Access Based on the Need to Know > 14.06 Protect Information through Access Control Lists

In Your Workspace

  • Policy Settings by Type report

Developers

    Category URI
    • tmod:@turbot/cis#/control/categories/v071406
    • Policy Type URI
    • tmod:@turbot/azure-cisv3-0#/policy/types/r0902
    • GraphQL
    • query policyType(id: "tmod:@turbot/azure-cisv3-0#/policy/types/r0902") { … }
    • query policySettings(filter: "policyTypeId:'tmod:@turbot/azure-cisv3-0#/policy/types/r0902'") { … }
    • query policyValues(filter: "policyTypeId:'tmod:@turbot/azure-cisv3-0#/policy/types/r0902'") { … }
    • CLI
    • Get Policy Type
    • turbot graphql policy-type --id "tmod:@turbot/azure-cisv3-0#/policy/types/r0902"
      • Get Policy Settings
    • turbot graphql policy-settings --filter "policyTypeId:tmod:@turbot/azure-cisv3-0#/policy/types/r0902"
Guardrails
Guardrails Hub
  • Hub
  • Docs
  • Blog
  • Changelog
Products
  • GuardrailsGuardrails
  • PipesPipes
  • SteampipeSteampipe
  • PowerpipePowerpipe
  • FlowpipeFlowpipe
  • TailpipeTailpipe
Turbot
  • Home
  • About us
  • We're hiring!
  • Contact us
Community

Our community of practitioners love to discuss cloud governance & security.

Slack logoJoin us on Slack →

System StatusLegalSecurity
Terms of UseSecurityPrivacy
50
Mods
204
Resource Types
3,575
Policies
1,941
Controls
103
Quick Actions
111
IAM