Security Center default policy setting ‘Monitor Web Application Firewall’ should be enabled

Description

When this setting is enabled, it recommends that a web application firewall is provisioned on virtual machines when instance-level public IP (ILPIP) is used and the inbound security rules for the associated network security group are configured to allow access to port 80/443, or when load-balanced IP is used and the associated load balancing and inbound network address translation (NAT) rules are configured to allow access to port 80/443.

Portal Remediation Steps

• Navigate to Azure Policy.

• Select the subscription and click Edit assignment.

• Select Parameters.

• In All Internet traffic should be routed via your deployed Azure Firewall, select AuditIfNotExists.

• Click Review + save > save.

CLI Remediation Steps

• Remediation is not possible via the CLI.

Documentation Links

• Working with Security Policies

• Azure Security Policies Monitored by Security Center