Azure App Service Managed Identity Not Used
Description
Detects Azure App Services that are not configured to use managed identities. Managed identities provide a secure way for App Services to access other Azure resources without storing credentials in application code, reducing the risk of credential exposure.
Detection Strategy
• Scans all Azure App Services in the subscription
• Checks if the 'identity' property is missing or not configured for each App Service
• Reports a vulnerability if an App Service does not have any managed identity (system-assigned or user-assigned) configured
Severity v4.0
1.7
Low
Method ID
CSPM-AFURY
Technique
CSPM
Target
AZURE
Technology
APP_SERVICE
CWE ID(s)
CWE-1188Search for vulnerabilities in your apps for free with Fluid Attacks' automated security testing! Start your 21-day free trial and discover the benefits of the Continuous Hacking Essential plan.If you prefer the Advanced plan, which includes the expertise of Fluid Attacks' hacking team, fill out this contact form.