Ensure that authentication feature is enabled for Azure Function App

LOW

Description

Azure Function App has the ability to require authentication as protection from unwanted access. It is considered best practice to use authentication/authorization methodologies based on identity. For more information on securing Function Apps, see the Azure documentation.
Resources:
https://learn.microsoft.com/en-us/azure/azure-functions/security-concepts?tabs=v4

Remediation

In Azure Console -

  1. Open the Azure Portal and go to Function App.
  2. Choose the Function App you wish to edit.
  3. Under Settings, select Authentication.
  4. Configure an identity provider as needed.

In Terraform -
For Azure Provider versions prior to v4.x, using the azurerm_function_app resource (deprecated in favor of the azurerm_linux_function_app and azurerm_windows_function_app resources):

  1. In the azurerm_function_app resource, create an auth_settings block.
  2. Configure the default_provider and active_directory as needed.
  3. Set auth_settings.enabled to true.
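
The three Terraform steps above, shown as a non-compliant resource next to a compliant one. This is an added example, not part of the original policy text; the resource names, variables and the choice of Azure Active Directory as provider are hypothetical, and unauthenticated_client_action is an extra setting beyond the listed steps.

```hcl
terraform {
  required_providers {
    azurerm = {
      source  = "hashicorp/azurerm"
      version = "< 4.0" # azurerm_function_app applies to versions prior to v4.x
    }
  }
}
provider "azurerm" {
  features {}
}
# Hypothetical inputs; supply values for resources that already exist.
variable "resource_group_name" { type = string }
variable "location" { type = string }
variable "app_service_plan_id" { type = string }
variable "storage_account_name" { type = string }
variable "aad_client_id" { type = string } # app registration client ID
variable "storage_account_access_key" {
  type      = string
  sensitive = true
}
# Non-compliant: no auth_settings block, so platform authentication is off.
resource "azurerm_function_app" "without_auth" {
  name                       = "example-func-noauth" # constructed name
  location                   = var.location
  resource_group_name        = var.resource_group_name
  app_service_plan_id        = var.app_service_plan_id
  storage_account_name       = var.storage_account_name
  storage_account_access_key = var.storage_account_access_key
}

# Compliant: auth_settings present, provider configured, enabled = true.
resource "azurerm_function_app" "with_auth" {
  name                       = "example-func-auth" # constructed name
  location                   = var.location
  resource_group_name        = var.resource_group_name
  app_service_plan_id        = var.app_service_plan_id
  storage_account_name       = var.storage_account_name
  storage_account_access_key = var.storage_account_access_key
  auth_settings {
    enabled          = true                   # step 3
    default_provider = "AzureActiveDirectory" # step 2
    # Otherwise unauthenticated requests are still passed to the function code.
    unauthenticated_client_action = "RedirectToLoginPage"
    active_directory {
      client_id = var.aad_client_id
    }
  }
}
```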

References:
https://learn.microsoft.com/en-us/azure/azure-functions/
https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/resources/function_app#auth_settings

Policy Details

Rule Reference ID: AC_AZURE_0303
CSP: Azure
Remediation Available: Yes
Resource Category: Serverless
Resource Type: Function App

Frameworks