App Service web apps should use a system-assigned managed service identity

Description

A system-assigned managed service entity from Azure Active Directory enables the app to connect to other Azure services securely without the need for usernames and passwords. Eliminating credentials from the app is a more secure approach.

Remediation Steps

Azure Portal

  • Navigate to App Services.

  • Select an app.

  • In the left navigation under Settings, select Identity.

  • Set the status to on and click Save.

Azure CLI

  • To enable ‘Register with Azure Active Directory’ for an App service web app:

az webapp identity assign --resource-group <RESOURCE_GROUP_NAME> --name <APP_NAME>

Azure Resource Manager

"identity": {
  "type": "SystemAssigned"
}

Example Configuration

{
"type": "Microsoft.Web/sites",
"apiVersion": "2021-02-01",
"identity": {
    "type": "SystemAssigned"
  },
"properties":{
  # other required fields here
  }
}