Managed identity should be used in your Function App

Use a managed identity for enhanced authentication security

Risk Level: Low
Cloud Entity: Azure functions
CloudGuard Rule ID: D9.AZU.IAM.10
Covered by Spectral: Yes
Category: Compute


FunctionApp should have inner.identityStatus=true


From Portal

  1. Sign in to the Azure portal at
  2. Go to 'Function App' and choose your Function App.
  3. Under 'Settings', select 'Identity' on the navigation menu.
  4. On the 'Identity' panel, select 'On' for the status configuration settings.
  5. Click Save.

From TF
Set the 'type' argument under 'identity' to 'SystemAssigned':

resource "azurerm_function_app" "example" {
	# other required arguments omitted
	identity {
		type = "SystemAssigned"
	}
}

From Command Line

az functionapp identity assign --resource-group RESOURCEGROUP --name FUNCTIONAPP
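
An added example (not part of the CloudGuard rule or of Azure tooling): a Python audit that reads the JSON printed by `az functionapp list --output json`, flags Function Apps with no managed identity, and emits the command-line remediation above for each one. The sample data, app names and helper function names are constructed; counting a user-assigned identity as compliant is an assumption, since the rule only tests the identity status.

```python
import json
import shlex

# Constructed sample, trimmed to the fields used here, shaped like the
# output of `az functionapp list --output json`.
SAMPLE = """
[
  {"name": "func-orders", "resourceGroup": "rg-prod",
   "identity": {"type": "SystemAssigned"}},
  {"name": "func-billing", "resourceGroup": "rg-prod", "identity": null},
  {"name": "func-reports", "resourceGroup": "rg-dev",
   "identity": {"type": "SystemAssigned, UserAssigned"}},
  {"name": "func-legacy", "resourceGroup": "rg-dev",
   "identity": {"type": "None"}}
]
"""


def identity_types(app):
    """Managed identity types on one app; null or 'None' gives an empty set."""
    identity = app.get("identity") or {}
    raw = identity.get("type") or ""
    parts = (p.strip() for p in raw.split(","))
    return {p for p in parts if p and p.lower() != "none"}


def non_compliant(apps):
    """Apps with no managed identity of any type (assumed rule semantics)."""
    return [app for app in apps if not identity_types(app)]


def remediation_commands(apps):
    """One `az functionapp identity assign` command per non-compliant app."""
    return [
        "az functionapp identity assign"
        f" --resource-group {shlex.quote(app['resourceGroup'])}"
        f" --name {shlex.quote(app['name'])}"
        for app in non_compliant(apps)
    ]


if __name__ == "__main__":
    apps = json.loads(SAMPLE)
    for app in non_compliant(apps):
        print(f"FAIL {app['resourceGroup']}/{app['name']}: no managed identity")
    for command in remediation_commands(apps):
        print(command)
```

To audit a real subscription, replace `SAMPLE` with the saved output of `az functionapp list --output json`.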



Azure functions

Azure Functions is a serverless solution that allows you to write less code, maintain less infrastructure, and save on costs. Instead of worrying about deploying and maintaining servers, the cloud infrastructure provides all the up-to-date resources needed to keep your applications running.

Compliance Frameworks

  • Azure CloudGuard Best Practices
  • Azure ITSG-33
  • Azure NIST 800-53 Rev 5
  • CloudGuard Azure All Rules Ruleset
  • Microsoft Cloud Security Benchmark