Best practice rules for AppService
Trend Micro Cloud One™ – Conformity monitors AppService with the following rules:
- Check for Latest Version of .NET Framework
Ensure that Azure App Service web applications are using the latest version of .NET Framework.
- Check for Latest Version of Java
Ensure that Azure App Service web applications are using the latest stable version of Java.
- Check for Latest Version of PHP
Ensure that Azure App Service web applications are using the latest version of PHP.
- Check for Latest Version of Python
Ensure that Azure App Service web applications are using the latest version of Python.
- Check for Sufficient Backup Retention Period
Ensure there is a sufficient backup retention period configured for Azure App Services applications.
- Check for TLS Protocol Latest Version
Ensure that Azure App Service web applications are using the latest version of TLS encryption.
- Check that Azure App is using the latest version of HTTP
Ensure that Azure App Service web applications are using the latest version of HTTP.
- Check that the Azure App requests incoming client certificates
Ensure that your Azure App Service web applications request a client certificate from incoming requests.
- Disable Plain FTP Deployment
Ensure that FTP access is disabled for your Azure App Services web applications.
- Disable Remote Debugging
Disable the Remote Debugging feature for your Microsoft Azure App Services web applications.
- Enable Always On
Ensure that your Azure App Services web applications stay loaded all the time by enabling the Always On feature.
- Enable App Service Authentication
Ensure that App Service Authentication is enabled within your Microsoft Azure cloud account.
- Enable Application Insights
Ensure that Azure App Services applications are configured to use the Application Insights feature.
- Enable Automated Backups
Ensure that all your Azure App Services applications are using the Backup and Restore feature.
- Enable FTPS-Only Access
Enable FTPS-only access for your Microsoft Azure App Services web applications.
- Enable HTTPS-Only Traffic
Enable HTTP to HTTPS redirects for your Microsoft Azure App Service web applications.
- Enable Health Checks
Ensure that your Azure App Service web applications are using health checks.
- Enable Registration with Microsoft Entra ID
Ensure that registration with Microsoft Entra ID is enabled for Azure App Service applications.
- Use Key Vaults to Store App Service Application Secrets
Ensure that Azure Key Vaults are used to store App Service application secrets.