Ensure that 'Basic Authentication' is 'Disabled'
Why This Matters
Basic Authentication creates an isolated identity silo within your App Service, bypassing centralized identity management and security controls. This misconfiguration can grant privileged access to resources, creating a significant attack vector that attackers can exploit through credential theft or brute force attacks. Without a centralized identity provider like Entra ID, you lose visibility into authentication patterns and cannot enforce modern security policies like conditional access or multi-factor authentication.
What Aether365 Checks
Aether365 verifies that Basic Authentication is disabled for each Azure App Service in your environment. This check appears in your Aether365 dashboard under azure-app-services checks, reporting any App Service where Basic Authentication is still enabled.