Ensure 'FTP State' is set to 'FTPS Only' or 'Disabled'
Why This Matters
FTP transmits data, including login credentials, in plain text over the network. This exposes your application to interception attacks that can lead to credential theft, data exfiltration, and lateral movement within your Azure environment. Disabling FTP or enforcing FTPS only is a foundational security measure to protect your App Services from these risks.
What Aether365 Checks
This check verifies that the FTP state for each Azure App Service is set to either "FTPS Only" or "Disabled". It appears in the Aether365 dashboard under the azure-app-services checks category and maps to CIS control 9.3.