Aqua CSPM
AZUREApp Service

Identity Enabled

Quick Info

Plugin TitleIdentity Enabled
CloudAZURE
CategoryApp Service
DescriptionEnsures a system or user assigned managed identity is enabled to authenticate to App Services without storing credentials in the code.
More InfoMaintaining cloud connection credentials in code is a security risk. Credentials should never appear on developer workstations and should not be checked into source control. Managed identities for Azure resources provides Azure services with a managed identity in Azure AD which can be used to authenticate to any service that supports Azure AD authentication, without having to include any credentials in code.
AZURE Linkhttps://docs.microsoft.com/en-us/azure/app-service/overview-managed-identity
Recommended ActionEnable system or user-assigned identities for all App Services and avoid storing credentials in code.

Detailed Remediation Steps

  1. Log into the Microsoft Azure Management Console.
  2. Select the “Search resources, services, and docs” option at the top and search for App Services.
  3. Select the “App Services” by clicking on the “Name” link to access the configuration changes.
  4. Scroll down the selected “App Services” navigation panel and in “Settings” click on the “Identity” option.</br <img src="/resources/azure/appservice/identity-enabled/step4.png)
  5. On the “Identity” page verify the “Status” option under “System assigned” tab. Is the “Status” is set to “Off” then the “Identity” is not enabled to authenticate to App Service without storing credentials in the code.
  6. Repeat steps number 2 - 5 to verify other “Apps” Identity status in the account.
  7. Navigate to the “App Services”, select the “App Service” and click on the “Name” as a link to access the configuration, select the “Identity” under “Settings."
  8. On the “System assigned” page scroll down and select the “On” option next to “Status” and click on the “Save” button to ensure identity is authenticated to all services that supports Azure AD authentication, without having to include any credentials in code.
  9. Repeat above steps to ensures a system or user assigned managed identity is enabled to authenticate to App Service without storing credentials in the code.

Cloud Security Posture Management (CSPM)

Scan, monitor and remediate configuration issues in public cloud accounts according to best practices and compliance standards, across AWS, Azure, Google Cloud, and Oracle Cloud.
Sign up for free
Aqua SaaS Plans
The fastest track to get started with Aqua
Start Now
Aqua Security is the largest pure-play cloud native security company, providing customers the freedom to innovate and run their businesses with minimal friction. The Aqua Cloud Native Security Platform provides prevention, detection, and response automation across the entire application lifecycle to secure the build, secure cloud infrastructure and secure running workloads wherever they are deployed.
Copyright © 2021 Aqua Security Software Ltd.   Privacy Policy | Terms of Use