Ensure that your Azure API Management APIs are configured to enforce HTTPS for all API calls in order to provide secure, encrypted communication, protect data integrity, user privacy, and comply with industry standards.
This rule resolution is part of the Conformity Security & Compliance tool for Azure.
Enforcing HTTPS for all API calls within Azure API Management enhances security and protects sensitive data. It prevents interception, ensures authentication, and maintains compatibility with modern browsers. Following best practices demonstrates your commitment to data security.
Audit
To determine if your Azure API Management APIs are configured to enforce HTTPS for all API calls, perform the following operations:
Remediation / Resolution
To ensure that your Azure API Management APIs are configured to enforce HTTPS for all API calls, perform the following operations:
References
- Azure Official Documentation
- Authentication and authorization to APIs in Azure API Management
- Recommendations to mitigate OWASP API Security Top 10 threats using API Management
- Azure PowerShell Documentation
- az apim list
- az apim api list
- az apim api show
- az apim api update