Review & Remediate App Service Recommendations

Implementation Effort: Medium — Reviewing and remediating recommendations requires collaboration between security and application teams, and may involve configuration changes across multiple App Service resources.

User Impact: Low — These changes are applied at the infrastructure or configuration level and do not require end-user involvement.

Overview

Microsoft Defender for App Service continuously assesses your App Service resources and generates security recommendations to help you reduce risk and improve your security posture. These recommendations are based on best practices and known threat patterns, and they are visible in the Microsoft Defender for Cloud portal.

Common recommendations include:

• Enforce HTTPS: Ensures secure communication by requiring HTTPS for all incoming traffic.
• Restrict CORS access: Prevents unauthorized domains from accessing your APIs or web apps.
• Enable diagnostic logs: Helps with auditing and incident investigation by capturing detailed activity logs.
• Require client certificates: Adds an extra layer of authentication for incoming requests 1.

To remediate these recommendations:

1. Go to Microsoft Defender for Cloud in the Azure portal.
2. Navigate to Recommendations.
3. Filter by App Service.
4. Review each recommendation's severity, description, and remediation steps.
5. Apply the recommended changes directly or through automation scripts 2.

These actions align with the "Verify Explicitly" principle of Zero Trust by ensuring that only secure, authenticated, and monitored access is allowed to your applications. Ignoring these recommendations can leave your applications vulnerable to attacks such as man-in-the-middle, cross-origin abuse, or unauthorized access.

Reference

• App Service Recommendations Reference
• Enable Defender for App Service
• Remediate Recommendations in Defender for Cloud