More Info:

By default, Azure Web App allows both HTTP and HTTPS. That means the web apps can be accessed over non-secure HTTP too.

Risk Level

Medium

Address

Security

Compliance Standards

SOC2, GDPR, ISO27001, HIPAA, CISAZURE, CBP, HITRUST, NISTCSF, PCIDSS

Triage and Remediation

Remediation

Using Console

Additional Reading: