App Service web apps should have ‘Incoming client certificates’ enabled


Client certificates allow for the app to request a certificate for incoming requests. Only clients that have a valid certificate will be able to reach the app.

Portal Remediation Steps

  • Navigate to App Services.

  • Select your App Service.

  • In the left navigation, select Configuration.

  • Select General settings.

  • In Client certificate mode, select Require and click Save.

CLI Remediation Steps

  • To enable incoming client certificates:

az webapp update --set clientCertEnabled=true --name <app_name> --resource-group <group_name>