Control: Ensure the web app has 'Client Certificates (Incoming client certificates)' set to 'On'
Description
Client certificates allow for the app to request a certificate for incoming requests. Only clients that have a valid certificate will be able to reach the app.
Usage
Run the control in your terminal:
powerpipe control run azure_compliance.control.appservice_web_app_incoming_client_cert_onSnapshot and share results via Turbot Pipes:
powerpipe loginpowerpipe control run azure_compliance.control.appservice_web_app_incoming_client_cert_on --shareSQL
This control uses a named query:
select app.id as resource, case when not client_cert_enabled then 'alarm' else 'ok' end as status, case when not client_cert_enabled then name || ' incoming client certificates set to off.' else name || ' incoming client certificates set to on.' end as reason , app.resource_group as resource_group , sub.display_name as subscriptionfrom azure_app_service_web_app as app, azure_subscription as subwhere sub.subscription_id = app.subscription_id;