Best practice rules for Azure Functions
- Azure Function Access Keys
Ensure that your Microsoft Azure functions are using access keys.
- Azure Function Runtime Version
Ensure that your Azure functions are using the latest runtime version of the function host.
- Azure Functions with Admin Privileges
Ensure that your Azure functions are not configured with admin privileges.
- Disable Administrative Endpoints
Ensure that administrative endpoints are disabled for Microsoft Azure Function Apps.
- Disable Remote Debugging
Disable Remote Debugging for Microsoft Azure Function Apps to reduce the risk of exposure to sensitive data or potential attacks.
- Enable Integration with Application Insights
Ensure that Microsoft Azure functions are configured to use the Application Insights feature.
- Enable Virtual Network Integration for Azure Functions
Ensure that Virtual Network integration is enabled for your Azure Function Apps.
- Exposed Azure Functions
Ensure that your Microsoft Azure functions are not publicly accessible.
- Minimum TLS Version
Ensure that the "Minimum Inbound TLS Version" setting is set to 1.2 or higher for all Azure Function Apps.
- Use Key Vaults to Store Azure Function App Secrets
Ensure that Azure Key Vaults are used to store Azure Function App secrets.
- Use Managed Identities for Azure Function Apps
Ensure that your Microsoft Azure Function Apps are using managed identities.
- Use Network Security Groups for Azure Function Apps
Ensure that your Microsoft Azure Function Apps are using Network Security Groups (NSGs).
- Use Private Endpoints for Azure Function Apps
Ensure that network access to Azure Function Apps is allowed via private endpoints only.
- Use System-Assigned Managed Identities for Azure Functions
Ensure that Azure functions are using system-assigned managed identities.
- Use User-Assigned Managed Identities for Azure Functions
Ensure that Azure functions are using user-assigned managed identities.