Microsoft Web

Best practices and references below are based on published guidance from the cloud service provider and may reference native capabilities the cloud service provider offers. If you are not using the native security capabilities, the same security requirement can be met using other security capabilities your organization utilizes.

Design for High Availability

Design Guidance:

Microsoft.Web/serverfarms

Target Worker Count
Sku-Capacity

Network Isolation and Segregation

Microsoft.Web/serverfarms/virtualNetworkConnections/gateways

Vpn Package Uri

Microsoft.Web/hostingEnvironments

Network Access Control List
Network Access Control List-Action
Network Access Control List-Description
Network Access Control List-Order
Network Access Control List-Remote Subnet

Subnet Isolation

Microsoft.Web/serverfarms/virtualNetworkConnections/routes

Start Address
End Address

Microsoft.Web/hostingEnvironments

Vnet Name
Vnet Resource Group Name
Vnet Subnet Name
Virtual Network
Virtual Network-Id
Virtual Network-Subnet

Load Balancing

Microsoft.Web/hostingEnvironments

Internal Load Balancing Mode

Microsoft.Web/sites/config

Load Balancing

Hardening

Microsoft.Web/hostingEnvironments

Microsoft.Web/sites

Microsoft.Web/sites/deployments

Microsoft.Web/sites/hostNameBindings


IP Whitelisting

Microsoft.Web/hostingEnvironments

User Whitelisted Ip Ranges

Microsoft.Web/sites/config

Ip Security Restrictions
Ip Security Restrictions-Ip Address
Ip Security Restrictions-Subnet Mask
Ip Security Restrictions-Vnet Subnet Resource Id
Ip Security Restrictions-Action
Ip Security Restrictions-Priority
Ip Security Restrictions-Name
Ip Security Restrictions-Description
Scm Ip Security Restrictions
Scm Ip Security Restrictions-Ip Address
Scm Ip Security Restrictions-Subnet Mask
Scm Ip Security Restrictions-Vnet Subnet Resource Id
Scm Ip Security Restrictions-Action
Scm Ip Security Restrictions-Priority
Scm Ip Security Restrictions-Name
Scm Ip Security Restrictions-Description

TLS

Design Guidance:

Microsoft.Web/sites

Host Name SSL States
Host Name SSL States-Name
Host Name SSL States-SSL State
Host Name SSL States-Virtual Ip
Host Name SSL States-Host Type
HTTPS Only
Site Config-Min TLS Version
Site Config-Ftps State

Microsoft.Web/sites/config

Ftps State
Min TLS Version

Microsoft.Web/sites/hostNameBindings

SSL State

Session Binding

Microsoft.Web/sites

Client Affinity Enabled

Source Authentication

Design Guidance:

Microsoft.Web/sites

Client Cert Mode
Client Cert Enabled

App Least Functionality

Design Guidance:

Microsoft.Web/sites

Site Config-Remote Debugging Enabled

CORS Headers

Microsoft.Web/sites

Site Config-Cors
Cors-Allowed Origins
Cors-Support Credentials

Microsoft.Web/sites/config

Cors
Cors-Allowed Origins
Cors-Support Credentials

Application Code Analysis

Microsoft.Web/sites/config

Net Framework Version
Php Version
Python Version
Node Version
Power Shell Version
Linux Fx Version
Windows Fx Version
Java Version
Java Container
Java Container Version

Logging

Design Guidance:

Microsoft.Web/sites/config

HTTP Logging Enabled
Logs Directory Size Limit

Secure Response Headers

Design Guidance:

Microsoft.Web/sites/config

Ip Security Restrictions-Headers
Scm Ip Security Restrictions-Headers

Design a Hierarchical PKI

Microsoft.Web/sites/hostNameBindings

Thumbprint