| Plugin Title | Identity Enabled |
| Cloud | AZURE |
| Category | App Service |
| Description | Ensures a system or user assigned managed identity is enabled to authenticate to App Services without storing credentials in the code. |
| More Info | Maintaining cloud connection credentials in code is a security risk. Credentials should never appear on developer workstations and should not be checked into source control. Managed identities for Azure resources provides Azure services with a managed identity in Azure AD which can be used to authenticate to any service that supports Azure AD authentication, without having to include any credentials in code. |
| AZURE Link | https://docs.microsoft.com/en-us/azure/app-service/overview-managed-identity |
| Recommended Action | Enable system or user-assigned identities for all App Services and avoid storing credentials in code. |
- Log into the Microsoft Azure Management Console.
- Find the search bar at the top and search for App Services.
- Select the "App Service" by clicking on "Name" to go to its configuration.
- Scroll down the selected "App Services" navigation panel and in "Settings" click on the "Identity" option.</br
- On the "Identity" page verify the "Status" option under "System assigned" tab. If the "Status" is set to "Off" then the "Identity" is not enabled to authenticate to App Service without storing credentials in the code. It is recommended to use Identity management to store credentials for other services such as Storage, SQL etc.
- If the "Status" is set to "Off" then select the "On" option next to "Status" to turn on Identity management.
- Click on the "Save" button at the top to ensure identity is authenticated to all services that supports Azure AD authentication, without having to include any credentials in code.
- Click "Yes" in the confirmation popup to complete the change.
- Repeat steps 3 - 8 to ensure a system or user assigned managed identity is enabled for all "App services" in the account.
