Azure Introduction
Azure Pricing
Azure Threats
Enable Always On For App Services
More Info:
Ensure that your Azure App Services web applications stay loaded all the time by enabling the Always On feature.
Risk Level
Medium
Address
Security
Compliance Standards
CBP
Triage and Remediation
Remediation
Enabling Always On for App Services in Azure ensures that your web application is always running and responsive. Here are the steps to remediate this misconfiguration in Azure using the Azure console:
-
Log in to the Azure portal (https://portal.azure.com/).
-
Navigate to the App Service that needs to be remediated.
-
Click on the “Configuration” blade on the left-hand side of the screen.
-
Scroll down to the “General settings” section and locate the “Always On” setting.
-
Toggle the switch next to “Always On” to the “On” position.
-
Click “Save” to apply the changes.
-
Restart the App Service to ensure that the changes take effect.
Once you have completed these steps, your App Service will be configured to use Always On, ensuring that it is always running and responsive.
To remediate the misconfiguration “Enable Always On for App Services” in Azure using Azure CLI, you can follow these steps:
-
Open the Azure CLI command prompt.
-
Run the following command to set the resource group where the App Service is deployed:
az configure --defaults group=<resource-group-name>
- Run the following command to enable Always On for the App Service:
az webapp config set --always-on true --name <app-service-name> --resource-group <resource-group-name>
- Verify that Always On is enabled for the App Service by running the following command:
az webapp config show --name <app-service-name> --resource-group <resource-group-name> --query alwaysOn
This command should return a value of “true”, indicating that Always On is enabled for the App Service.
By following these steps, you can remediate the misconfiguration “Enable Always On for App Services” in Azure using Azure CLI.
To remediate the misconfiguration “Enable Always On For App Services” in Azure using Python, follow these steps:
- Import the necessary libraries:
from azure.identity import DefaultAzureCredential
from azure.mgmt.web import WebSiteManagementClient
- Authenticate with Azure using the DefaultAzureCredential:
credential = DefaultAzureCredential()
- Instantiate a WebSiteManagementClient object:
subscription_id = '<your-subscription-id>'
resource_group_name = '<your-resource-group-name>'
webapp_name = '<your-webapp-name>'
client = WebSiteManagementClient(credential, subscription_id)
- Get the current configuration of the web app:
webapp = client.web_apps.get(resource_group_name, webapp_name)
- Check if Always On is enabled:
if webapp.always_on:
print('Always On is already enabled.')
else:
print('Always On is not enabled.')
- If Always On is not enabled, update the configuration:
webapp.always_on = True
client.web_apps.create_or_update(resource_group_name, webapp_name, webapp)
print('Always On has been enabled.')
The complete code to remediate the misconfiguration “Enable Always On For App Services” in Azure using Python would look like this:
from azure.identity import DefaultAzureCredential
from azure.mgmt.web import WebSiteManagementClient
credential = DefaultAzureCredential()
subscription_id = '<your-subscription-id>'
resource_group_name = '<your-resource-group-name>'
webapp_name = '<your-webapp-name>'
client = WebSiteManagementClient(credential, subscription_id)
webapp = client.web_apps.get(resource_group_name, webapp_name)
if webapp.always_on:
print('Always On is already enabled.')
else:
webapp.always_on = True
client.web_apps.create_or_update(resource_group_name, webapp_name, webapp)
print('Always On has been enabled.')