Managed identity should be used in your web app #70

feliperomero3 · 2020-12-20T01:18:32Z

Description

For enhanced authentication security, use a managed identity.
On Azure, managed identities eliminate the need for developers to have to manage credentials by providing an identity for the Azure resource in Azure AD and using it to obtain Azure Active Directory (Azure AD) tokens.

Remediation steps

Manual remediation

To create a managed identity for your web app:

Go to the App Service for your API app
Scroll to the Settings group in the left navigation
Select Identity
Use System assigned or User assigned identity following the steps described in this doc: https://aka.ms/managed-identity

Retrofit all the necessary changes into the ARM template of the solution.

feliperomero3 · 2021-08-28T17:51:35Z

The App Service Managed Identity will be used to authenticate the App Service to Azure SQL. This way we can remove the connection string.

feliperomero3 added the security Azure Security Center recommendations label Dec 20, 2020

feliperomero3 self-assigned this Dec 20, 2020

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Managed identity should be used in your web app #70

Managed identity should be used in your web app #70

feliperomero3 commented Dec 20, 2020

feliperomero3 commented Aug 28, 2021

Managed identity should be used in your web app #70

Managed identity should be used in your web app #70

Comments

feliperomero3 commented Dec 20, 2020

Description

Remediation steps

Manual remediation

feliperomero3 commented Aug 28, 2021