Control: Ensure App Service authentication is set up for function apps in Azure App Service
Description
Azure App Service authentication is a feature that can prevent anonymous HTTP requests from reaching a Web Application or authenticate those with tokens before they reach the app. If an anonymous request is received from a browser, App Service will redirect to a logon page. To handle the logon process, a choice from a set of identity providers can be made, or a custom authentication mechanism can be implemented.
Usage
Run the control in your terminal:
powerpipe control run azure_compliance.control.appservice_function_app_authentication_onSnapshot and share results via Turbot Pipes:
powerpipe loginpowerpipe control run azure_compliance.control.appservice_function_app_authentication_on --shareSQL
This control uses a named query:
select fa.id as resource, case when auth_settings -> 'properties' ->> 'enabled' = 'true' then 'ok' else 'alarm' end as status, case when auth_settings -> 'properties' ->> 'enabled' = 'true' then name || ' authentication enabled.' else name || ' authentication disabled.' end as reason , fa.resource_group as resource_group , sub.display_name as subscriptionfrom azure_app_service_function_app fa left join azure_subscription as sub on sub.subscription_id = fa.subscription_id;