Ensure that your Microsoft Azure App Service web applications are configured to request a client SSL certificate for all incoming requests, for security and compliance purposes. Once this is in place, only web clients that present a valid SSL certificate will be able to reach your application. By default, incoming client certificates are disabled for Azure App Service web applications.
This rule resolution is part of the Conformity Security & Compliance tool for Azure.
The SSL/TLS mutual authentication approach utilized in enterprise cloud environments ensures the authenticity of web clients to the application server. If incoming client certificates are enabled, then only an authenticated client with a valid SSL certificate can access the web application.
To determine if your Azure App Service web applications are configured to use incoming client certificates, perform the following actions:
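One way to run this check across a subscription, as an added example that is not part of the original page or of the Conformity tool: the function below reads the JSON that `az webapp list -o json` returns and reports every app that does not enforce incoming client certificates. It goes slightly beyond the enabled/disabled check described above by also flagging apps where `clientCertMode` is not `Required` or where `clientCertExclusionPaths` is set. The sample data and app names are constructed.

```python
import json

# Constructed sample in the shape of `az webapp list -o json`, trimmed to the
# fields used below. App and resource group names are made up.
SAMPLE = """[
 {"name": "shop-web", "resourceGroup": "rg-prod", "clientCertEnabled": false,
  "clientCertMode": "Required", "clientCertExclusionPaths": null},
 {"name": "partner-api", "resourceGroup": "rg-prod", "clientCertEnabled": true,
  "clientCertMode": "Required", "clientCertExclusionPaths": null},
 {"name": "billing-api", "resourceGroup": "rg-prod", "clientCertEnabled": true,
  "clientCertMode": "Optional", "clientCertExclusionPaths": null},
 {"name": "admin-portal", "resourceGroup": "rg-ops", "clientCertEnabled": true,
  "clientCertMode": "Required", "clientCertExclusionPaths": "/health,/public"}
]"""


def audit_client_certs(apps):
    """Return (app, resource group, status, detail) for every non-compliant app."""
    findings = []
    for app in apps:
        name, group = app.get("name"), app.get("resourceGroup")
        mode = app.get("clientCertMode")
        raw_paths = app.get("clientCertExclusionPaths") or ""
        excluded = [p.strip() for p in raw_paths.split(",") if p.strip()]
        if app.get("clientCertEnabled") is not True:
            # Default state: the app never asks clients for a certificate.
            fix = (f"az webapp update --resource-group {group} --name {name} "
                   "--set clientCertEnabled=true")
            findings.append((name, group, "DISABLED", fix))
        elif mode not in (None, "Required"):
            # A certificate is requested, but clients without one are still served.
            # Assumption: a missing mode is treated as Required.
            findings.append((name, group, "NOT_REQUIRED", f"clientCertMode={mode}"))
        elif excluded:
            # The listed paths are reachable without a client certificate.
            findings.append((name, group, "EXCLUSIONS", ",".join(excluded)))
    return findings


if __name__ == "__main__":
    # In practice, parse the real CLI output instead of SAMPLE:
    #   az webapp list -o json > apps.json
    for finding in audit_client_certs(json.loads(SAMPLE)):
        print(*finding, sep="\t")
```

For `DISABLED` findings the detail column holds the `az webapp update` command that turns the setting on for that app.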
Remediation / Resolution
To update the TLS/SSL configuration settings for your Microsoft Azure App Service web applications in order to enable incoming client certificates, perform the following actions:
You are auditing:
Enable Incoming Client Certificates
Risk level: Medium