LOW
Source: Trivy/CSPM
CSPM ID: identity-enabled
ID: AVD-AZU-0002

Web App has registration with AD enabled

Registering the identity used by an App with AD allows it to interact with other services without using a username and password.

Impact

Without a registered identity, interaction between services can’t easily be achieved without a username/password.

Follow the appropriate remediation steps below to resolve the issue.


Register the app identity with AD

resource "azurerm_app_service" "good_example" {
  name                = "example-app-service"
  location            = azurerm_resource_group.example.location
  resource_group_name = azurerm_resource_group.example.name
  app_service_plan_id = azurerm_app_service_plan.example.id

  # Managed identity registered with AD, so the app can reach other services
  # without a username and password.
  identity {
    type         = "UserAssigned"
    identity_ids = ["webapp1"] # identity_ids takes a list of identity IDs
  }
}
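
One way to check for this finding before deployment, as an added example that is not Trivy's own check code and not part of the original page: it walks a Terraform plan and reports every `azurerm_app_service` that has no `identity` block, including resources inside child modules. The function names, the `CHECKED_TYPES` set and the sample plan are constructed for illustration; the input is assumed to have the shape of `terraform show -json <planfile>` output.

```python
import json

# Resource types to check; the page's example uses azurerm_app_service.
CHECKED_TYPES = {"azurerm_app_service"}

# Constructed sample, shaped like `terraform show -json <planfile>` output.
SAMPLE_PLAN = json.loads("""
{"planned_values": {"root_module": {
  "resources": [
    {"address": "azurerm_app_service.good_example",
     "type": "azurerm_app_service",
     "values": {"name": "example-app-service",
                "identity": [{"type": "UserAssigned"}]}},
    {"address": "azurerm_app_service.no_identity",
     "type": "azurerm_app_service",
     "values": {"name": "legacy-app", "identity": []}},
    {"address": "azurerm_resource_group.example",
     "type": "azurerm_resource_group", "values": {}}
  ],
  "child_modules": [{"address": "module.api", "resources": [
    {"address": "module.api.azurerm_app_service.api",
     "type": "azurerm_app_service",
     "values": {"name": "api-app"}}
  ]}]
}}}
""")

def iter_resources(module):
    """Yield every resource in a module and, recursively, its child modules."""
    yield from module.get("resources", [])
    for child in module.get("child_modules", []):
        yield from iter_resources(child)

def find_missing_identity(plan):
    """Return sorted addresses of checked resources with no identity block."""
    root = plan.get("planned_values", {}).get("root_module", {})
    missing = []
    for res in iter_resources(root):
        if res.get("type") not in CHECKED_TYPES:
            continue
        # An absent block shows up as a missing key, null, or an empty list.
        blocks = (res.get("values") or {}).get("identity") or []
        if not any(block.get("type") for block in blocks):
            missing.append(res["address"])
    return sorted(missing)

if __name__ == "__main__":
    for address in find_missing_identity(SAMPLE_PLAN):
        print(f"{address}: no managed identity configured")
```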