Security Center default policy setting ‘Monitor Web Application Firewall’ should be enabled
Description
When this setting is enabled, Security Center recommends provisioning a web application firewall on virtual machines in either of two cases: an instance-level public IP (ILPIP) is used and the inbound security rules of the associated network security group allow access to port 80/443, or a load-balanced IP is used and the associated load balancing and inbound network address translation (NAT) rules allow access to port 80/443.
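The network security group half of that condition can be checked offline against an exported rule list. The following is an added example, not part of the original page or of Azure's own tooling: it assumes rule dictionaries that use the field names of Azure NSG security rules (as listed by `az network nsg rule list`), the function names are hypothetical, and it does not evaluate load balancing or inbound NAT rules.

```python
# Added example: which of ports 80/443 does an NSG expose to the internet?
# Field names are assumed to match Azure NSG security rules as listed by
# `az network nsg rule list`; SAMPLE_RULES is constructed for illustration.
WEB_PORTS = (80, 443)
INTERNET_SOURCES = {"*", "internet", "0.0.0.0/0"}

SAMPLE_RULES = [
    {"name": "deny-http", "priority": 100, "direction": "Inbound", "access": "Deny",
     "protocol": "Tcp", "sourceAddressPrefix": "*", "destinationPortRange": "80"},
    {"name": "allow-web", "priority": 200, "direction": "Inbound", "access": "Allow",
     "protocol": "Tcp", "sourceAddressPrefix": "Internet",
     "destinationPortRanges": ["80", "400-500"]},
    {"name": "allow-dns", "priority": 300, "direction": "Inbound", "access": "Allow",
     "protocol": "Udp", "sourceAddressPrefix": "*", "destinationPortRange": "*"},
]


def port_in(spec, port):
    """True if a port spec ('*', '443' or '400-500') covers the port."""
    spec = spec.strip()
    if spec == "*":
        return True
    low, _, high = spec.partition("-")
    return int(low) <= port <= int(high or low)


def rule_matches(rule, port):
    """True if the rule applies to inbound TCP traffic from the internet on this port."""
    if rule["direction"].lower() != "inbound":
        return False
    if rule.get("protocol", "*").lower() not in ("*", "tcp"):
        return False
    sources = [rule.get("sourceAddressPrefix") or ""]
    sources += list(rule.get("sourceAddressPrefixes") or [])
    if not any(s.lower() in INTERNET_SOURCES for s in sources):
        return False
    ports = [rule.get("destinationPortRange") or ""]
    ports += list(rule.get("destinationPortRanges") or [])
    return any(port_in(p, port) for p in ports if p)


def exposed_web_ports(rules):
    """Web ports whose first matching rule (lowest priority number) is Allow."""
    exposed = []
    for port in WEB_PORTS:
        for rule in sorted(rules, key=lambda r: r["priority"]):
            if rule_matches(rule, port):
                if rule["access"].lower() == "allow":
                    exposed.append(port)
                break  # NSG evaluation stops at the first matching rule
    return exposed
```

With the constructed sample, port 80 is stopped by the priority-100 deny rule while port 443 falls inside the allowed `400-500` range, so only 443 is reported.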
Portal Remediation Steps
Navigate to Azure Policy.
Select the subscription and click Edit assignment.
Select Parameters.
In All Internet traffic should be routed via your deployed Azure Firewall, select AuditIfNotExists.
Click Review + save > save.
CLI Remediation Steps
Remediation is not possible via the CLI.