End of Life Notice: For Trend Cloud One™ - Conformity customers, Conformity will reach its End of Sale on July 31st, 2025 and its End of Life on July 31st, 2026. The same capabilities and much more are available in Trend Vision One™ Cloud Risk Management. For details, please refer to Upgrade to Trend Vision One.

Enable Authentication with Microsoft Entra ID

Trend Vision One™ provides continuous assurance that gives peace of mind for your cloud infrastructure, delivering over 1100 automated best practice checks.

Risk Level: High (not acceptable risk)

Ensure that authentication with Microsoft Entra ID is enabled for your Microsoft Azure Logic Apps to secure your applications by allowing access only to authenticated users or services, thus protecting sensitive data and resources from unauthorized access.

Security
Operational excellence

Enabling authentication in Azure Logic Apps with Microsoft Entra ID enhances security by ensuring only authenticated users and services can access your Logic Apps. This prevents unauthorized access, protects sensitive data, and simplifies identity management using Microsoft's trusted identity platform.


Audit

To determine if authentication with Microsoft Entra ID is enabled for your Azure Logic Apps, perform the following operations:

Checking Azure Logic Apps for authentication with Microsoft Entra ID using Azure Command Line Interface (CLI) is not currently supported.

Using Azure Console

01 Sign in to the Microsoft Azure Portal.

02 Navigate to the All resources blade available at https://portal.azure.com/#browse/all to access all your Microsoft Azure cloud resources.

03 Choose the Azure subscription that you want to access from the Subscription equals all filter box and choose Apply.

04 From the Type equals all filter box, select Type for Filter, Equals for Operator, and Logic App (Standard) for Value, then choose Apply to list the Azure Logic Apps available in the selected subscription.

05 Click on the name (link) of the Azure Logic App that you want to examine.

06 In the resource navigation panel, under Settings, choose Authentication to access the authentication settings available for the selected Azure Logic App.

07 In the Identity provider section, search for the Microsoft identity provider. An identity provider is responsible for managing user identities and the authentication flow of your application. If Microsoft is not listed in the Identity provider section or there are no identity providers configured for your Logic App (i.e., the No identity provider message is displayed), authentication with Microsoft Entra ID is not enabled for the selected Azure Logic App.

08 Repeat steps no. 5 – 7 for each Azure Logic App deployed in the selected Azure subscription.

09 Repeat steps no. 3 – 8 for each subscription created in your Microsoft Azure cloud account.

Remediation / Resolution

To ensure that authentication with Microsoft Entra ID is enabled for your Microsoft Azure Logic Apps, perform the following operations:

Enabling authentication with Microsoft Entra ID for Azure Logic Apps using Azure Command Line Interface (CLI) is not currently supported.

Using Azure Console

01 Sign in to the Microsoft Azure Portal.

02 Navigate to the All resources blade available at https://portal.azure.com/#browse/all to access all your Microsoft Azure cloud resources.

03 Choose the Azure subscription that you want to access from the Subscription equals all filter box and choose Apply.

04 From the Type equals all filter box, select Type for Filter, Equals for Operator, and Logic App (Standard) for Value, then choose Apply to list the Azure Logic Apps available in the selected subscription.

05 Click on the name (link) of the Azure Logic App that you want to configure.

06 In the resource navigation panel, under Settings, choose Authentication to access the authentication settings available for the selected Azure Logic App.

07 On the Authentication page, choose either Add identity provider or Add provider, and perform the following actions to configure authentication with Microsoft Entra ID:

  1. For Basics, select Microsoft from the Identity provider dropdown list.
  2. For App registration, provide the ID of your Microsoft Entra ID app registration in the Application (client) ID box and enter the appropriate issuer URL in the Issuer URL box. An app registration associates your identity provider (in this case, Microsoft) with your Logic App. (Optional) For Allowed token audiences, enter your allowed token audience value.
  3. For Additional checks, you can configure additional checks that will further control access:
    1. For Client application requirement, choose Allow requests only from this application itself or Allow requests from specific client applications and provide the names of the allowed client applications.
    2. For Identity requirement, choose Allow requests from any identity or Allow requests from specific identities and provide the names of the allowed identities.
    3. For Tenant requirement, choose Use default restrictions based on issuer or Allow requests from specific tenants and provide the names of the allowed tenants.
  4. For App Service authentication settings, select Require authentication for Restrict access, and choose one of the supported HTTP status codes from the Unauthenticated requests list. Requiring authentication ensures that requests to your application include information about the caller.
  5. Choose Add to apply the identity provider configuration. You are now ready to use the Microsoft identity platform for authentication in your Azure Logic App.

08 Repeat steps no. 5 – 7 for each Azure Logic App that you want to configure, deployed in the selected Azure subscription.

09 Repeat steps no. 3 – 8 for each subscription created in your Microsoft Azure cloud account.
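
The audit condition (step 07 of the Audit section) and the Require authentication setting (step 07.4 of the Remediation section), expressed as a check over authentication settings held as JSON. This is an added example, not Trend Micro or Microsoft code; it assumes the settings are available in the App Service `authsettingsV2` layout, and the Logic App names, client ID and documents in `SAMPLES` are constructed placeholders.

```python
import json

# Constructed samples, not real exports. Field names assume the App Service
# "authsettingsV2" JSON layout behind the portal's Authentication page.
REG = {"clientId": "00000000-0000-0000-0000-000000000000",  # placeholder ID
       "openIdIssuer": "https://login.microsoftonline.com/<tenant-id>/v2.0"}
SAMPLES = {
    "logicapp-compliant": {
        "platform": {"enabled": True},
        "globalValidation": {"requireAuthentication": True,
                             "unauthenticatedClientAction": "Return401"},
        "identityProviders": {"azureActiveDirectory": {"enabled": True,
                                                       "registration": REG}}},
    "logicapp-no-provider": {"platform": {"enabled": False},
                             "identityProviders": {}},
    "logicapp-anonymous": {
        "platform": {"enabled": True},
        "globalValidation": {"requireAuthentication": False,
                             "unauthenticatedClientAction": "AllowAnonymous"},
        "identityProviders": {"azureActiveDirectory": {"registration": REG}}},
}


def audit(settings):
    """Return a list of findings; an empty list means the check passes."""
    props = settings.get("properties", settings)  # accept wrapped or bare form
    findings = []
    aad = (props.get("identityProviders") or {}).get("azureActiveDirectory") or {}
    reg = aad.get("registration") or {}
    if not reg.get("clientId") or aad.get("enabled") is False:
        findings.append("Microsoft identity provider is not configured")
    elif not reg.get("openIdIssuer"):
        findings.append("Issuer URL is missing from the app registration")
    if not (props.get("platform") or {}).get("enabled"):
        findings.append("Authentication platform is disabled")
    gv = props.get("globalValidation") or {}
    if (not gv.get("requireAuthentication")
            or gv.get("unauthenticatedClientAction") == "AllowAnonymous"):
        findings.append("Unauthenticated requests are allowed")
    return findings


def audit_all(samples):
    return {name: audit(doc) for name, doc in samples.items()}


if __name__ == "__main__":
    print(json.dumps(audit_all(SAMPLES), indent=2))
```

The `logicapp-anonymous` sample shows why the provider being listed is not sufficient on its own: the Microsoft provider is registered, but requests without a token are still accepted until Require authentication is selected.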


Publication date Jul 24, 2025