Ensure that authentication feature is enabled for Azure Windows Function App

LOW

Description

Azure Function App has the ability to require authentication as protection from unwanted access. It is considered best practice to use authentication/authorization methodologies based on identity. For more information on securing Function Apps, see the Azure documentation.
Resources:
https://learn.microsoft.com/en-us/azure/azure-functions/security-concepts?tabs=v4

Remediation

In Azure Console -

  1. Open the Azure Portal and go to Function App.
  2. Choose the Function App you wish to edit.
  3. Under Settings, select Authentication.
  4. Configure an identity provider as needed.

In Terraform -

  1. In the azurerm_windows_function_app resource, create an auth_settings block.
  2. Configure the default_provider and active_directory as needed.
  3. Set auth_settings.enabled to true.
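The Terraform steps above, put together as an added example (not taken from the provider documentation or this policy). The resource name, variables, app-setting key and audience value are placeholders, and the `issuer` and `unauthenticated_client_action` arguments go beyond the three steps listed.

```hcl
# Added example: every name and variable below is a placeholder.
variable "resource_group_name" { type = string }
variable "location" { type = string }
variable "service_plan_id" { type = string }
variable "storage_account_name" { type = string }
variable "storage_account_access_key" {
  type      = string
  sensitive = true
}
variable "aad_client_id" { type = string } # app registration (client) ID
variable "aad_tenant_id" { type = string } # directory (tenant) ID

resource "azurerm_windows_function_app" "example" {
  name                       = "example-windows-function-app" # placeholder
  resource_group_name        = var.resource_group_name
  location                   = var.location
  service_plan_id            = var.service_plan_id
  storage_account_name       = var.storage_account_name
  storage_account_access_key = var.storage_account_access_key

  site_config {}

  # Forms this policy flags: no auth_settings block at all, or
  #   auth_settings { enabled = false }

  auth_settings {
    enabled          = true                   # step 3
    default_provider = "AzureActiveDirectory" # step 2
    issuer           = "https://sts.windows.net/${var.aad_tenant_id}/"

    # Not one of the listed steps: set explicitly so unauthenticated
    # requests are sent to login rather than passed on as anonymous.
    unauthenticated_client_action = "RedirectToLoginPage"

    active_directory { # step 2
      client_id = var.aad_client_id
      # Name of the app setting that holds the client secret, so the
      # secret value itself is not written in this configuration.
      client_secret_setting_name = "AAD_CLIENT_SECRET" # placeholder key
      allowed_audiences          = ["api://${var.aad_client_id}"] # constructed value
    }
  }
}
```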

References:
https://learn.microsoft.com/en-us/azure/azure-functions/
https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/resources/windows_function_app#auth_settings

Policy Details

Rule Reference ID: AC_AZURE_0120
CSP: Azure
Remediation Available: Yes
Resource Category: Serverless
Resource Type: Function App

Frameworks