Ensure App Service Authentication is set up for apps in Azure App Service
Why This Matters
Without App Service Authentication enabled, your web applications accept anonymous HTTP requests that can reach application code directly. This exposes your apps to unauthorized access, data breaches, and potential abuse. Enforcing authentication ensures every request is authenticated before processing, blocking malicious actors from exploiting unprotected endpoints.
What Aether365 Checks
This check verifies that Azure App Service Authentication is enabled for each app in your subscription and that HTTP Basic Authentication is disabled. It appears in the Aether365 dashboard under the azure-app-services checks category.
How to Fix
To enable App Service Authentication for an Azure App Service: