Azure-AppService-Client-Certificates-Enabled

Severity: High

Description: This control ensures that the function app has Client Certificates (Incoming client certificates) set to On. Client certificates allow the app to request a certificate for incoming requests. Only clients that have a valid certificate will be able to reach the app. If incoming client certificates are enabled, then only an authenticated client with a valid certificate can access the app.

Remediation Steps:

Perform the following steps to update the App Service configuration:

  1. Log in to the Azure Portal at https://portal.azure.com.

  2. Go to App Services.

  3. In General Settings, click All settings.

  4. In the left-hand menu, under Settings, click Configuration.

  5. Under General Settings, under Incoming client certificate, set Require incoming certificate to On.

  6. Click Save.
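
To check the same setting across many apps without opening the portal, the added example below (not part of the original control text) evaluates JSON in the shape returned by `az functionapp list -o json`. It goes beyond the On/Off switch by also reading the `clientCertMode` and `clientCertExclusionPaths` site properties; it assumes those properties are populated in the CLI output, and the sample data is constructed.

```python
import json
import re

# Constructed sample shaped like `az functionapp list -o json` output, reduced
# to the fields this check reads. App and resource group names are made up.
SAMPLE_SITES = json.loads("""
[
 {"name": "fn-orders", "resourceGroup": "rg-prod", "clientCertEnabled": true,
  "clientCertMode": "Required", "clientCertExclusionPaths": null},
 {"name": "fn-billing", "resourceGroup": "rg-prod", "clientCertEnabled": false,
  "clientCertMode": "Required", "clientCertExclusionPaths": null},
 {"name": "fn-reports", "resourceGroup": "rg-dev", "clientCertEnabled": true,
  "clientCertMode": "Optional", "clientCertExclusionPaths": null},
 {"name": "fn-hooks", "resourceGroup": "rg-dev", "clientCertEnabled": true,
  "clientCertMode": "Required", "clientCertExclusionPaths": "/health,/public"}
]
""")


def evaluate(site):
    """Return (status, reason) for one site against this control."""
    if not site.get("clientCertEnabled"):
        return "FAIL", "incoming client certificates are off"
    mode = site.get("clientCertMode")
    # An absent mode field is not judged; any reported value other than
    # "Required" means requests without a certificate are still accepted.
    if mode not in (None, "Required"):
        return "FAIL", f"client certificate mode is {mode!r}, not 'Required'"
    # Accept either ',' or ';' as the separator between exclusion paths.
    raw = site.get("clientCertExclusionPaths") or ""
    excluded = [p.strip() for p in re.split(r"[,;]", raw) if p.strip()]
    if excluded:
        # Control is on, but these paths are reachable without a certificate.
        return "WARN", "paths exempt from the requirement: " + ", ".join(excluded)
    return "PASS", "client certificate required on all paths"


def audit(sites):
    """Evaluate every site; return rows sorted so failures come first."""
    order = {"FAIL": 0, "WARN": 1, "PASS": 2}
    rows = [(*evaluate(s), s.get("resourceGroup"), s.get("name")) for s in sites]
    return sorted(rows, key=lambda r: (order[r[0]], r[3]))


if __name__ == "__main__":
    for status, reason, group, name in audit(SAMPLE_SITES):
        print(f"{status:4}  {group}/{name}: {reason}")
```

To run it against a real subscription, replace `SAMPLE_SITES` with the parsed output of the CLI command.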

Important:

Reference:

  • Azure Function App Best Practices control

Blue Hexagon Proprietary