Azure-AppService-Authentication-Enabled

Severity: High

Description: This control ensures that App Service Authentication is set on Azure App Service. If an anonymous request is received from a browser, App Service will redirect to a logon page. To handle the logon process, a choice from a set of identity providers can be made, or a custom authentication mechanism can be implemented.

Remediation Steps:

Perform following to update App Service configuration:

1. Login to Azure Portal using https://portal.azure.com.

2. Go to App Services.

3. Click on affected Web App.

4. Set App Service Authentication to On

5. Choose other parameters as per your requirement

6. Click on Save .

Important:

Reference:

• Azure Foundations Benchmark v1.3.0 - 02-01-2021 : Recommendation #9.1

• https://docs.microsoft.com/en-us/azure/app-service/overview-authentication-authorization