Ensure that your Azure functions are not configured with an identity with admin privileges

app_function_identity_without_admin_privileges

Severity: high
Service: app
Subservice: function
by Prowler

It is important to ensure that Azure functions are not configured with administrative privileges to maintain the principle of least privilege and reduce the attack surface. By limiting the privileges of Azure functions, potential security risks and data leaks can be mitigated.

Risk

Configuring Azure functions with administrative privileges increases the risk of unauthorized access, privilege escalation, and data breaches. Attackers can exploit these privileges to gain access to sensitive data and compromise the entire system.

Run this check with Prowler CLI

prowler azure --checks app_function_identity_without_admin_privileges

Recommendation

To remediate this issue, ensure that Azure functions are not configured with an identity that has administrative privileges. Instead, use the principle of least privilege to grant only the necessary permissions to Azure functions. For more information, refer to the official documentation: Use the principle of least privilege.
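
To show what reviewing a function's identity involves, the following added example (not Prowler's code) resolves each function app's system-assigned and user-assigned identities and reports any broad built-in role they hold. The set of roles treated as administrative is an assumption, the data is constructed, and the field names follow the JSON printed by `az functionapp list` and `az role assignment list`.

```python
# Added illustration, not Prowler's implementation.
# Assumption: these Azure built-in roles are what counts as "admin" here.
PRIVILEGED_ROLES = {"Owner", "Contributor", "User Access Administrator"}

# Constructed sample data; IDs and names are placeholders.
SUB = "/subscriptions/00000000-0000-0000-0000-000000000000"
SAMPLE_SITES = [
    {"name": "fn-orders", "kind": "functionapp,linux",
     "identity": {"principalId": "p-sys-1", "userAssignedIdentities": None}},
    {"name": "fn-reports", "kind": "functionapp",
     "identity": {"principalId": None, "userAssignedIdentities": {
         SUB + "/resourceGroups/rg/uai-reports": {"principalId": "p-uai-2"}}}},
    {"name": "web-portal", "kind": "app", "identity": {"principalId": "p-sys-3"}},
]
SAMPLE_ASSIGNMENTS = [
    {"principalId": "p-sys-1", "roleDefinitionName": "Storage Blob Data Reader",
     "scope": SUB + "/resourceGroups/rg"},
    {"principalId": "p-uai-2", "roleDefinitionName": "Contributor", "scope": SUB},
    {"principalId": "p-sys-3", "roleDefinitionName": "Owner", "scope": SUB},
]


def identity_principals(site):
    """Principal IDs of the site's system- and user-assigned identities."""
    identity = site.get("identity") or {}
    ids = {identity["principalId"]} if identity.get("principalId") else set()
    for uai in (identity.get("userAssignedIdentities") or {}).values():
        if uai.get("principalId"):
            ids.add(uai["principalId"])
    return ids


def audit_function_apps(sites, role_assignments):
    """Map each function app name to its privileged (role, scope) pairs."""
    findings = {}
    for site in sites:
        # Function apps are Microsoft.Web/sites with "functionapp" in kind.
        if "functionapp" not in (site.get("kind") or "").lower():
            continue
        principals = identity_principals(site)
        findings[site["name"]] = sorted(
            (ra["roleDefinitionName"], ra["scope"])
            for ra in role_assignments
            if ra["principalId"] in principals
            and ra["roleDefinitionName"] in PRIVILEGED_ROLES
        )
    return findings
```

On the sample data, fn-reports is reported because its user-assigned identity holds Contributor at subscription scope, while fn-orders passes with a narrowly scoped data role.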

Resource Type

Microsoft.Web/sites
