Will Azure CIS 1.3 policy "App Service apps should have 'Client Certificates (Incoming client certificates)' enabled" be updated to accommodate the latest change of setting Client Cert mode to Ignore if HTTP v2.0 is used?

Sharawat, Neetu 35 Reputation points
2023-06-08T16:48:48.79+00:00

Due to the following change, we are not able to remediate the policy "App Service apps should have 'Client Certificates (Incoming client certificates)' enabled" anymore (because the Client Cert Mode is now enforced to be set to Ignore when the HTTP version is 2.0).

Are there any plans to update the built-in Azure CIS 1.3 policy to accommodate this change (meaning it will only get evaluated if the HTTP version is not 2.0)?

When selecting HTTP version 2.0, incoming client certificates must be ignored.

Azure Policy

Accepted answer
  1. AnuragSingh-MSFT 21,551 Reputation points Moderator
    2023-06-21T05:18:38.7766667+00:00

    @Sharawat, Neetu, thank you for reporting this issue and apologies for the delayed response.

    I checked with the team owning this initiative and they are actively analyzing the CIS 1.3 policy and HTTP v2.0 requirement. This policy and the CIS initiative will be updated after the review to ensure that HTTP 2.0 based web apps do not run into this issue again.
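
While the built-in policy does not account for HTTP 2.0, its non-compliant findings can be split into apps that can still be remediated and apps where HTTP 2.0 forces client certificates to be ignored. The following is an added example, not part of the original thread or any Microsoft tooling; the record shape and the property names `clientCertEnabled` and `siteConfig.http20Enabled` are assumptions modeled on the App Service resource schema, and the sample data is constructed.

```python
import json
from collections import defaultdict

# Constructed sample: four App Service apps, shaped like a resource export.
# Property names (clientCertEnabled, siteConfig.http20Enabled) are assumed
# to match the Microsoft.Web/sites resource schema.
SAMPLE_EXPORT = json.dumps([
    {"name": "app-legacy", "clientCertEnabled": True,
     "siteConfig": {"http20Enabled": False}},
    {"name": "app-api", "clientCertEnabled": False,
     "siteConfig": {"http20Enabled": False}},
    {"name": "app-h2", "clientCertEnabled": False,
     "siteConfig": {"http20Enabled": True}},
    {"name": "app-nocfg", "clientCertEnabled": False},
])


def classify(app):
    """Return the triage bucket for one app record."""
    if app.get("clientCertEnabled") is True:
        return "compliant"
    site_config = app.get("siteConfig") or {}
    http2 = site_config.get("http20Enabled")
    if http2 is True:
        # Client cert mode is forced to Ignore, so the finding cannot be
        # fixed without changing the HTTP version.
        return "blocked_by_http2"
    if http2 is False:
        return "remediable"
    # HTTP version missing from the export: do not guess.
    return "unknown_http_version"


def triage(export_json):
    """Group app names by triage bucket."""
    buckets = defaultdict(list)
    for app in json.loads(export_json):
        buckets[classify(app)].append(app.get("name", "<unnamed>"))
    return dict(buckets)


if __name__ == "__main__":
    for bucket, names in sorted(triage(SAMPLE_EXPORT).items()):
        print(f"{bucket}: {', '.join(names)}")
```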

