Security Center default policy setting ‘Monitor Web Application Firewall’ should be enabled
When this setting is enabled, Security Center recommends that a web application firewall be provisioned on virtual machines in either of two cases: when an instance-level public IP (ILPIP) is used and the inbound security rules of the associated network security group allow access to port 80/443, or when a load-balanced IP is used and the associated load balancing and inbound network address translation (NAT) rules allow access to port 80/443.
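The network security group half of that condition can be checked offline against JSON in the shape that `az network nsg show` prints. This is an added example, not part of the original page or of Security Center; the sample NSG is constructed, and treating only `*`, `Internet` and `0.0.0.0/0` sources as internet-facing is a simplifying assumption.

```python
import json

WEB_PORTS = (80, 443)
# Assumption: only these source prefixes are treated as "the internet".
INTERNET = {"*", "internet", "0.0.0.0/0"}

def _values(rule, single, plural):
    """Merge the singular and plural form of an NSG rule field into one list."""
    vals = list(rule.get(plural) or [])
    if rule.get(single):
        vals.append(rule[single])
    return vals

def _covers(rule, port):
    """True if the rule's destination ports ('*', '80', '400-500') include port."""
    for spec in _values(rule, "destinationPortRange", "destinationPortRanges"):
        lo, _, hi = spec.partition("-")
        if spec == "*" or int(lo) <= port <= int(hi or lo):
            return True
    return False

def _from_internet(rule):
    srcs = _values(rule, "sourceAddressPrefix", "sourceAddressPrefixes")
    return any(s.lower() in INTERNET for s in srcs)

def exposed_web_ports(nsg):
    """Web ports whose first matching inbound rule (lowest priority number) is Allow."""
    rules = sorted((r for r in nsg.get("securityRules") or []
                    if r["direction"].lower() == "inbound"
                    and r["protocol"].lower() in ("tcp", "*")),
                   key=lambda r: r["priority"])
    exposed = []
    for port in WEB_PORTS:
        for rule in rules:
            if _covers(rule, port) and _from_internet(rule):
                if rule["access"].lower() == "allow":
                    exposed.append(port)
                break  # NSG evaluation stops at the first matching rule
    return exposed  # no match: the default DenyAllInBound rule applies

# Constructed sample NSG (not from the page): 80 is denied first, 443 is allowed.
SAMPLE_NSG = json.loads("""{"name": "example-nsg", "securityRules": [
  {"name": "deny-http", "priority": 100, "direction": "Inbound", "access": "Deny",
   "protocol": "Tcp", "sourceAddressPrefix": "Internet", "destinationPortRange": "80"},
  {"name": "allow-web", "priority": 200, "direction": "Inbound", "access": "Allow",
   "protocol": "*", "sourceAddressPrefix": "*",
   "destinationPortRanges": ["80", "400-500"]}]}""")

print(exposed_web_ports(SAMPLE_NSG))  # [443]
```

The load balancing and inbound NAT rule case is not covered by this check.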
Portal Remediation Steps
Navigate to Azure Policy.
Select the subscription and click Edit assignment.
In All Internet traffic should be routed via your deployed Azure Firewall, select AuditIfNotExists.
Click Review + save > save.
CLI Remediation Steps
Remediation is not possible via the CLI.