Plugin Title Authentication Enabled
Cloud AZURE
Category App Service
Description Ensures Authentication is enabled for App Services, redirecting unauthenticated users to the login page.
More Info Enabling authentication will redirect all unauthenticated requests to the login page. It also handles authentication of users with specific providers (Azure Active Directory, Facebook, Google, Microsoft Account, and Twitter).
AWS Link https://docs.microsoft.com/en-us/azure/app-service/overview-authentication-authorization
Recommended Action Enable App Service Authentication for all App Services.


Detailed Remediation Steps

  1. Log into the Microsoft Azure Management Console.
  2. Select the "Search resources, services, and docs" option at the top and search for App Services.
  3. Select the "App Services" by clicking on the "Name" link to access the configuration changes.
  4. Scroll down the selected "App Services" navigation panel and in "Settings" click on the "Authentication / Authorization" option.
  5. On the "Authentication / Authorization" page check if "App Service Authentication" is "ON/OFF". If it's turned "OFF" all unauthenticated requests to the login page will not be redirected.
  6. Repeat steps number 2 - 5 to cross check "Authentication / Authorization" for other "App Services."
  7. Navigate to the "App Services", select the "App Service" and click on the "Name", select the "Authentication / Authorization" under "Settings."
  8. Click on the "ON" option under "App Service Authentication" and click on the "Save" button at the top to make the chamges.
  9. Repeat above steps for enabling "Authentication" to redirect all unauthenticated requests to the login page.

Want to scan for this risk automatically?

Get Started Now