LOW
Source
Trivy/CSPM
CSPM ID
identity-enabled
ID
AVD-AZU-0002

Web App has registration with AD enabled

Registering the identity used by an App with Azure AD (a managed identity) allows it to authenticate to other Azure services without carrying a username and password in its code or configuration.

Impact

Without a managed identity, the App Service can only reach other services (Storage, SQL, etc.) by storing a username/password, connection string or key in its code or configuration, where it can leak and must be rotated by hand.

Follow the appropriate remediation steps below to resolve the issue.

  1. Log into the Microsoft Azure Management Console.

  2. Find the search bar at the top and search for App Services.

  3. Select the “App Service” by clicking on its “Name” to go to its configuration.

  4. Scroll down the selected “App Service” navigation panel and, under “Settings”, click on the “Identity” option.

  5. On the “Identity” page check the “Status” option under the “System assigned” tab. If the “Status” is set to “Off”, the app has no managed identity and can only authenticate to other services such as Storage or SQL with credentials stored in its code or configuration. Using a managed identity removes the need to store those credentials at all.

  6. If the “Status” is set to “Off”, select the “On” option next to “Status” to enable the system-assigned managed identity.

  7. Click on the “Save” button at the top. The app can now authenticate to every service that supports Azure AD authentication without any credentials in code.

  8. Click “Yes” in the confirmation popup to complete the change.

  9. Repeat steps 3 - 8 for every “App Service” in the subscription so that a system-assigned or user-assigned managed identity is enabled on each of them.

Enabling the identity is only the first half of the fix: the identity still has to be granted a role on each target service (for example a Storage data role or a SQL contained user), and the app’s code or connection settings switched to token-based authentication, before the stored username/password can be removed.
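The portal procedure above is one app at a time. The following is an added example, not code from the AVD page or from Trivy: a Python script that performs the same check over the JSON that `az webapp list -o json` emits, flags every App Service whose `identity` block is missing or has type `None`, and prints the `az webapp identity assign` command that enables a system-assigned identity (the CLI equivalent of steps 5 to 8). The app list embedded below is constructed sample data, and the function names are my own.

```python
"""Audit App Service managed-identity status from `az webapp list` output.

Added example for AVD-AZU-0002; not part of the AVD page or of Trivy.
Replace SAMPLE_WEBAPP_LIST with the real output of `az webapp list -o json`.
"""
import json

# Constructed sample in the shape of `az webapp list -o json`, trimmed to the
# fields this check needs. Real output carries many more fields per app.
SAMPLE_WEBAPP_LIST = json.dumps([
    {"name": "billing-api", "resourceGroup": "rg-prod",
     "identity": {"type": "SystemAssigned",
                  "principalId": "11111111-1111-1111-1111-111111111111"}},
    # identity is null when it was never enabled on the app
    {"name": "legacy-portal", "resourceGroup": "rg-prod", "identity": None},
    # identity block present but explicitly disabled
    {"name": "report-worker", "resourceGroup": "rg-data", "identity": {"type": "None"}},
    {"name": "ingest-fn", "resourceGroup": "rg-data",
     "identity": {"type": "UserAssigned",
                  "userAssignedIdentities": {
                      "/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/"
                      "rg-data/providers/Microsoft.ManagedIdentity/userAssignedIdentities/webapp1": {}}}},
])


def has_managed_identity(webapp: dict) -> bool:
    """True if a system-assigned or user-assigned identity is enabled.

    Azure reports the type as "SystemAssigned", "UserAssigned",
    "SystemAssigned, UserAssigned" or "None"; a missing/null identity block
    means the same as "None".
    """
    identity = webapp.get("identity") or {}
    kinds = {k.strip() for k in (identity.get("type") or "None").split(",")}
    return bool(kinds & {"SystemAssigned", "UserAssigned"})


def remediation_command(webapp: dict) -> str:
    """Azure CLI command that turns on the system-assigned identity."""
    return (f"az webapp identity assign --name {webapp['name']} "
            f"--resource-group {webapp['resourceGroup']}")


def audit(webapp_list_json: str) -> list[dict]:
    """Return one finding per App Service that has no managed identity."""
    findings = []
    for app in json.loads(webapp_list_json):
        if not has_managed_identity(app):
            findings.append({
                "id": "AVD-AZU-0002",
                "severity": "LOW",
                "name": app["name"],
                "resourceGroup": app["resourceGroup"],
                "remediation": remediation_command(app),
            })
    return findings


if __name__ == "__main__":
    for f in audit(SAMPLE_WEBAPP_LIST):
        print(f"{f['id']} {f['severity']}: {f['resourceGroup']}/{f['name']} "
              "has no managed identity")
        print(f"  remediate: {f['remediation']}")
```

Running `az webapp identity assign` requires write permission on the App Service, and, as with the portal steps, it only creates the identity: the RBAC grant on the target service and the switch to token-based authentication in the app still have to follow.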

Register the app identity with AD

resource "azurerm_user_assigned_identity" "webapp1" {
  name                = "webapp1"
  location            = azurerm_resource_group.example.location
  resource_group_name = azurerm_resource_group.example.name
}

resource "azurerm_app_service" "good_example" {
  name                = "example-app-service"
  location            = azurerm_resource_group.example.location
  resource_group_name = azurerm_resource_group.example.name
  app_service_plan_id = azurerm_app_service_plan.example.id

  # identity_ids must be a list of user-assigned identity resource IDs,
  # not a bare name. Use type = "SystemAssigned" (and omit identity_ids)
  # if a platform-managed identity tied to the app's lifetime is enough.
  identity {
    type         = "UserAssigned"
    identity_ids = [azurerm_user_assigned_identity.webapp1.id]
  }
}