⭐ Repository → 📁 Compliance Engine → 📁 CloudAware → 📁 Azure → 📁 App Service

🛡️ Azure App Service is not registered with Microsoft Entra ID🟢

Contextual name: 🛡️ App Service is not registered with Microsoft Entra ID🟢
ID: /ce/ca/azure/app-service/app-service-registered-with-microsoft-entra-id
Tags:
- 🟢 Policy with categories
- 🟢 Policy with type
- 🟢 Production policy
Policy Type: COMPLIANCE_POLICY
Policy Categories: SECURITY

Logic

🧠 prod.logic.yaml🟢
- 📗 Azure App Service
- 🔌 Azure App Service - object.extracts.yaml
- 🧪 test-data.json

Similar Policies

Cloud Conformity: Enable Registration with Microsoft Entra ID
Internal: dec-x-1fc681bc

Similar Internal Rules

Rule	Policies	Flags
✉️ dec-x-1fc681bc	1

Description

Open File

Description

Managed service identity in App Service provides more security by eliminating secrets from the app, such as credentials in the connection strings. When registering an App Service with Entra ID, the app will connect to other Azure services securely without the need for usernames and passwords.

Rationale

App Service provides a highly scalable, self-patching web hosting service in Azure. It also provides a managed identity for apps, which is a turn-key solution for securing access to Azure SQL Database and other Azure services.

Audit

From Azure Portal

From Azure Portal open the Portal Menu in the top left.

Go to App Services.

Click on each App.

Under the Setting section, Click on Identity.

Under the System assigned pane, ensure that Status set to On.

From Azure CLI

To check Register with Entra ID feature status for an existing app, run the following command:
az webapp identity show --resource-group <RESOURCE_GROUP_NAME> --name <APP_NAME> --query principalId
The output should return unique Principal ID.

... see more

Remediation

Open File

Remediation

From Azure Portal

Login to Azure Portal using https://portal.azure.com.

Go to App Services.

Click on each App.

Under Setting section, Click on Identity.

Under the System assigned pane, set Status to On.

From Azure CLI

To register with Entra ID for an existing app, run the following command:
az webapp identity assign --resource-group <RESOURCE_GROUP_NAME> --name <APP_NAME>
From PowerShell

To register with Entra ID for an existing app, run the following command:
Set-AzWebApp -AssignIdentity $True -ResourceGroupName <resource_Group_Name> -Name <App_Name>

policy.yaml

Open File

Linked Framework Sections

Section	Internal Rules	Policies	Compliance
💼 CIS Azure v1.1.0 → 💼 9.5 Ensure that Register with Azure Active Directory is enabled on App Service	1	1	no data
💼 CIS Azure v1.3.0 → 💼 9.5 Ensure that Register with Azure Active Directory is enabled on App Service - Level 1 (Automated)	1	1	no data
💼 CIS Azure v1.4.0 → 💼 9.5 Ensure that Register with Azure Active Directory is enabled on App Service - Level 1 (Automated)	1	1	no data
💼 CIS Azure v1.5.0 → 💼 9.5 Ensure that Register with Azure Active Directory is enabled on App Service - Level 1 (Automated)	1	1	no data
💼 CIS Azure v2.0.0 → 💼 9.5 Ensure that Register with Azure Active Directory is enabled on App Service - Level 1 (Automated)	1	1	no data
💼 CIS Azure v2.1.0 → 💼 9.4 Ensure that Register with Entra ID is enabled on App Service - Level 1 (Automated)	1	1	no data
💼 CIS Azure v3.0.0 → 💼 9.5 Ensure that Register with Entra ID is enabled on App Service (Automated)		1	no data
💼 Cloudaware Framework → 💼 Secure Access		55	no data
💼 FedRAMP High Security Controls → 💼 AC-2(1) Automated System Account Management (M)(H)		16	no data
💼 FedRAMP Moderate Security Controls → 💼 AC-2(1) Automated System Account Management (M)(H)		16	no data
💼 ISO/IEC 27001:2013 → 💼 A.9.2.2 User access provisioning	4	4	no data
💼 ISO/IEC 27001:2022 → 💼 5.15 Access control	14	30	no data
💼 NIST CSF v1.1 → 💼 PR.AC-1: Identities and credentials are issued, managed, verified, revoked, and audited for authorized devices, users and processes	19	30	no data
💼 NIST CSF v1.1 → 💼 PR.AC-7: Users, devices, and other assets are authenticated (e.g., single-factor, multi-factor) commensurate with the risk of the transaction (e.g., individuals' security and privacy risks and other organizational risks)	19	23	no data
💼 NIST CSF v2.0 → 💼 PR.AA-01: Identities and credentials for authorized users, services, and hardware are managed by the organization		38	no data
💼 NIST CSF v2.0 → 💼 PR.AA-03: Users, services, and hardware are authenticated		32	no data
💼 NIST CSF v2.0 → 💼 PR.AA-05: Access permissions, entitlements, and authorizations are defined in a policy, managed, enforced, and reviewed, and incorporate the principles of least privilege and separation of duties		91	no data
💼 NIST SP 800-53 Revision 5 → 💼 AC-2(1) Account Management _ Automated System Account Management	4	16	no data
💼 SOC 2 → 💼 CC6.1-4 Identifies and Authenticates Users	4	6	no data
💼 SOC 2 → 💼 CC6.1-8 Manages Identification and Authentication	18	24	no data

Logic​

Similar Policies​

Similar Internal Rules​

Description​

Description​

Rationale​

Audit​

From Azure Portal​

From Azure CLI​

Remediation​

Remediation​

From Azure Portal​

From Azure CLI​

From PowerShell​

policy.yaml​

Linked Framework Sections​

Logic

Similar Policies

Similar Internal Rules

Description

Description

Rationale

Audit

From Azure Portal

From Azure CLI

Remediation

Remediation

From Azure Portal

From Azure CLI

From PowerShell

policy.yaml

Linked Framework Sections