Control: Ensure that Register with Azure Active Directory is enabled on App Service
Description
Managed service identity in App Service provides more security by eliminating secrets from the app, such as credentials in the connection strings. When registering with Azure Active Directory in App Service, the app will connect to other Azure services securely without the need for usernames and passwords.
Usage
Run the control in your terminal:
powerpipe control run azure_compliance.control.appservice_web_app_register_with_active_directory_enabledSnapshot and share results via Turbot Pipes:
powerpipe loginpowerpipe control run azure_compliance.control.appservice_web_app_register_with_active_directory_enabled --shareSQL
This control uses a named query:
select app.id as resource, case when identity = '{}' then 'alarm' else 'ok' end as status, case when identity = '{}' then name || ' register with azure active directory disabled.' else name || ' register with azure active directory enabled.' end as reason , app.resource_group as resource_group , sub.display_name as subscriptionfrom azure_app_service_web_app as app left join azure_subscription as sub on sub.subscription_id = app.subscription_id;