module/ConfigurationProvider/ControlConfigurations/Services/FrontDoor.json
{
"FeatureName": "FrontDoor", "Reference": "aka.ms/azsktcp/frontDoor", "IsMaintenanceMode": false, "Controls": [ { "ControlID": "Azure_FrontDoor_NetSec_Enable_WAF_Configuration_Trial", "Description": "Front Door Classic should have Web Application Firewall configured", "Id": "FrontDoor110", "ControlSeverity": "Medium", "Automated": "Yes", "MethodName": "CheckWAFConfiguredInFrontDoor", "DisplayName": "[Trial] Front Door (Classic) should have Web Application Firewall configured", "Rationale": "Azure Web Application Firewall (WAF) on Azure Front Door provides centralized protection for your web applications. WAF defends your web services against common exploits & vulnerabilities. It keeps your service highly available for your users and helps you meet compliance requirements.", "Recommendation": "To configure WAF, Go to Azure Portal --> Web Application Firewall -> Create -> Select Policy For: Global WAF (Front Door). Select Front Door Tier: Classic. Select appropriate Resource Group & Subscription. Give the Policy a name. In association Tab, add the Front Door Hosts (Endpoints). Finally, Click on 'Review + Create' button. For more information visit: https://learn.microsoft.com/en-us/azure/web-application-firewall/afds/waf-front-door-create-portal", "Tags": [ "Baseline", "Daily", "NetSec" ], "Enabled": true, "CustomTags": [ "Trial" ] }, { "ControlID": "Azure_FrontDoor_DP_Use_Secure_TLS_Version_Trial", "Description": "[Trial] Front Door Classic should have Approved Minimum TLS version", "Id": "FrontDoor120", "ControlSeverity": "Medium", "Automated": "Yes", "MethodName": "CheckTLSConfigurationInFrontDoor", "DisplayName": "[Trial] Front Door Classic should have Approved Minimum TLS version", "Rationale": "TLS provides privacy and data integrity between client and server. Using an approved TLS version significantly reduces risks from security design issues and security bugs that may be present in older versions.", "Recommendation": "To configure TLS Version, Go to Azure Portal --> Front Door and CDN profiles -> Select Front door with pricing tier as Classic -> Go to Front Door Designer -> Select any of the Custom domains listed -> Select Minimum TLS Version as 1.2", "Tags": [ "Baseline", "DP", "Automated" ], "Enabled": true, "Category": "Encrypt data in transit", "ControlRequirements": "Data must be encrypted in transit and at rest", "CustomTags": [ "Trial", "Daily", "SN:FRONTDOOR_TLS" ], "ControlSettings": { "MinReqTLSVersion": "1.2" }, "ControlEvaluationDetails": { "RequiredProperties": [ "FrontDoorCustomHttpsMinTLSVersion" ] } } ] }