Source | Azure Portal
Display name | [Deprecated]: Function apps should have 'Client Certificates (Incoming client certificates)' enabled
Id | eaebaea7-8013-4ceb-9d14-7eb32271373c
Version | 3.1.0-deprecated
Versioning | Versions supported for Versioning: 1; 3.1.0 (3.1.0-deprecated); Built-in Versioning [Preview]
Category | App Service
Description | Client certificates allow for the app to request a certificate for incoming requests. Only clients with valid certificates will be able to reach the app. This policy has been replaced by a new policy with the same name because Http 2.0 doesn't support client certificates.
Cloud environments | AzureCloud = true; AzureUSGovernment = unknown; AzureChinaCloud = unknown
Available in AzUSGov | Unknown; no evidence whether the policy definition is available in AzureUSGovernment
Assessment(s) | Assessments count: 1
Assessment Id: c2ab4bea-c663-3259-a4cd-03a8feb02825
DisplayName: Function apps should have Client Certificates (Incoming client certificates) enabled
Description: Enabling Client Certificates in function apps is a security measure that ensures only clients with valid certificates can access the app. This feature requests a certificate for incoming requests, acting as a form of authentication. If this is not enabled, the app could be exposed to unauthorized access, potentially leading to data breaches or other security incidents. Therefore, we recommend enabling incoming client certificates for function apps to maintain a secure environment.
Remediation description: To set Client Certificates for your Function App:
1. Navigate to your App Service
2. Select Configuration
3. Go to the General Settings tab
4. Set Incoming Client Certificates to Require
For more information, visit here: https://aka.ms/auth-tls
Categories: AppServices
Severity: Medium
preview: True
Mode | Indexed
Type | BuiltIn
Preview | False
Deprecated | True
Effect | Default: Disabled; Allowed: Audit, Disabled
RBAC role(s) | none
Rule aliases | IF (1)
Rule resource types | IF (1)
Compliance | Not a Compliance control
Initiatives usage | none