Description:

Registering an App Service with Azure Active Directory (AAD) enables secure authentication and identity management. Enabling this feature ensures that the Web App can use Azure AD for user sign-in, service access, and security integrations such as role-based access control and identity-based permissions.


Rationale:

Enabling “Register with Azure Active Directory” ensures the Web App has an identity in AAD, allowing secure authentication and controlled access to resources. It helps enforce identity-based security, supports managed identities, and prevents unauthorized access. This reduces security risks and improves compliance with modern identity standards.


Impact:

If the App Service is not registered with Azure AD, it may lack a secure identity for authentication. This limits its ability to access Azure resources securely and increases the risk of unauthorized access. Some services requiring identity-based access may fail, causing operational or functional issues.


Default Value:

By default, App Services are not registered with Azure Active Directory. Registration must be manually enabled using the Identity settings in the App Service.


Pre-requisites:

  • Permissions: Owner, Contributor, or User Access Administrator

  • Permissions in Azure AD to create or manage Enterprise Applications

  • The App Service must support Managed Identity (most tiers do)


Test Plan:

  1. Log in to the Azure Portal at https://portal.azure.com.

  2. In the portal, search for App Services and select the target Web App.

  3. In the left menu, under Settings, go to Identity.

  4. Look under System assigned.

  5. Verify whether the Status is On.

  6. If it is Off, follow the Implementation Plan.
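
The same check can be run across many apps from exported JSON rather than one portal blade at a time. The following is an added example, not part of the original guidance: it assumes the input has the shape of `az webapp list --output json` (ARM Site resources with an `identity` object), and the app and resource-group names in the sample are constructed.

```python
import json

# Constructed sample shaped like `az webapp list --output json`;
# all names below are made up for illustration.
SAMPLE_WEBAPP_LIST = json.dumps([
    {"name": "app-orders", "resourceGroup": "rg-prod",
     "identity": {"type": "SystemAssigned"}},
    {"name": "app-billing", "resourceGroup": "rg-prod", "identity": None},
    {"name": "app-reports", "resourceGroup": "rg-prod",
     "identity": {"type": "UserAssigned"}},
    {"name": "app-portal", "resourceGroup": "rg-dev",
     "identity": {"type": "SystemAssigned, UserAssigned"}},
    {"name": "app-legacy", "resourceGroup": "rg-dev",
     "identity": {"type": "None"}},
])


def has_system_identity(site):
    """True when the identity type includes SystemAssigned (Status: On)."""
    identity = site.get("identity") or {}  # identity is null when never enabled
    # The type is one comma-separated string, e.g. "SystemAssigned, UserAssigned",
    # so an equality test against "SystemAssigned" would miss the combined case.
    types = {t.strip().lower() for t in (identity.get("type") or "").split(",")}
    return "systemassigned" in types


def audit(webapp_list_json):
    """Return one finding per app whose system-assigned status would show Off."""
    findings = []
    for site in json.loads(webapp_list_json):
        if not has_system_identity(site):
            identity = site.get("identity") or {}
            findings.append({
                "app": site.get("name"),
                "resource_group": site.get("resourceGroup"),
                "identity_type": identity.get("type") or "None",
            })
    return findings


if __name__ == "__main__":
    for f in audit(SAMPLE_WEBAPP_LIST):
        print(f"FAIL {f['resource_group']}/{f['app']}: "
              f"identity type is {f['identity_type']}")
```

An app with only a user-assigned identity is reported as failing, because the Test Plan checks the System assigned status specifically.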

    


Implementation Plan:

  1. Log in to the Azure Portal at https://portal.azure.com.

  2. In the portal, search for App Services and select the target Web App.

  3. In the left menu, under Settings, go to Identity.

  4. Under System assigned, set Status to On.

  5. Click Save at the top.

  6. A prompt will appear asking to enable the identity. Click Yes.


Backout Plan:

  1. Log in to the Azure Portal at https://portal.azure.com.

  2. In the portal, search for App Services and select the target Web App.

  3. In the left menu, under Settings, go to Identity.

  4. Under System assigned, change Status to Off.

  5. Click Save.


References: