To follow Azure cloud security best practices and prevent public exposure, ensure that the functions managed with Microsoft Azure Function App are not publicly accessible. An Azure Function App is considered publicly accessible when it is configured to allow inbound access through the default (public) endpoint.
optimisation
excellence
In Azure cloud, Function Apps can be deployed with either public or private network access. By default, Function Apps are publicly accessible, but they can also be isolated to an Azure Virtual Network (VNet) to restrict inbound traffic. To reduce the risk of unauthorized access and data breaches, consider carefully whether your Function App needs to be publicly accessible. If not, denying public network access can help enhance security by blocking all inbound traffic except requests from private endpoints.
Audit
To determine if your Microsoft Azure Function Apps are configured to allow public network access, perform the following operations:
Remediation / Resolution
To ensure that the functions managed with Microsoft Azure Function App are not publicly accessible, perform the following operations:
References
- Azure Official Documentation
- Azure Functions networking options
- Azure App Service access restrictions
- Set up Azure App Service access restrictions
- Azure PowerShell Documentation
- az account list
- az account set
- az functionapp list
- az functionapp show
- az functionapp config access-restriction add
- az functionapp update
Unlock the Remediation Steps
Free 30-day Trial
Automatically audit your configurations with Conformity
and gain access to our cloud security platform.
You are auditing:
Exposed Azure Functions
Risk Level: High