Cyscale

Back to controls

Ensure Azure Function Apps require HTTPS only

Azure Function Apps should redirect or reject plain HTTP traffic so function invocations, headers, tokens, and payloads are protected in transit. HTTP support increases the chance of credential exposure and downgrade mistakes, especially for webhook-style endpoints.

Category

Controls

Medium

Applies to

Microsoft Azure

Coverage

1 queries

Asset types

1 covered

Overview

Azure Function Apps should redirect or reject plain HTTP traffic so function invocations, headers, tokens, and payloads are protected in transit. HTTP support increases the chance of credential exposure and downgrade mistakes, especially for webhook-style endpoints.

Require HTTPS and combine it with a modern minimum TLS version for all Function Apps.

Remediation guidance

Remediation

Enable HTTPS-only access on the Function App.

Azure CLI

az functionapp update \
  --resource-group {{asset.azureResourceGroup}} \
  --name {{asset.name}} \
  --set httpsOnly=true

Validate the setting:

az functionapp show \
  --resource-group {{asset.azureResourceGroup}} \
  --name {{asset.name}} \
  --query '{name:name,httpsOnly:httpsOnly}'

References

https://learn.microsoft.com/en-us/azure/azure-functions/security-concepts
https://learn.microsoft.com/en-us/azure/app-service/configure-ssl-bindings#enforce-https

Query logic

These are the stored checks tied to this control.

Azure Function Apps without HTTPS only

Connectors

Microsoft Azure

Covered asset types

FunctionApp

Expected check: eq []

{
  functionApps(
    where: {
      httpsOnly: { eq: false }
    }
  ) {
    ...AssetFragment
  }
}

Cyscale is an agentless cloud-native application protection platform (CNAPP) that automates the contextual analysis of cloud misconfigurations, vulnerabilities, access, and data, to provide an accurate and actionable assessment of risk.

Stay connected

Receive new blog posts and product updates from Cyscale

By clicking Subscribe, I agree to Cyscale’s Privacy Policy

By clicking Subscribe, I agree to Cyscale’s Privacy Policy

Platform

Cloud Native Application Protection (CNAPP)Cloud Security Posture Management (CSPM)Cloud Infrastructure Entitlement Management (CIEM)Kubernetes Security Posture Management (KSPM)Cloud Compliance Cloud Security for MSSPs Cloud Vulnerability Management ASPM + Code Scanning Secrets + Outdated Software AI-SPM Platform Book a Demo Start a Trial Pricing

Use Cases

Cloud Misconfigurations Vulnerability Management Code Vulnerability Scanning AI Security Operational Security IAM Cloud Security Cloud Data Security Cloud Compliance NIS 2 Compliance DORA Compliance Kubernetes Security Microsoft Entra ID Security Google Workspace Security

Industries

Managed Security (MSSPs)FinTech Banks HealthTech Telecom Legal Tech HRTech M&A Due Diligence Mobile Apps

Compare

Cyscale vs Wiz Cyscale vs Lacework Cyscale vs Zscaler Cyscale vs Orca Security Cyscale vs AWS Cyscale vs Google Cloud Cyscale vs Microsoft Azure

Resources

Blog Security Wiki Product Tours Case Studies Documentation Data Sheet FAQ + Support Cloud Security Buyer’s Guide SaaS CTO Cloud Security Handbook Top 10 Cloud Security Challenges

Company

About Us Cloud Security Made in Europe Careers Contact Us

+44 7401 208466

[email protected]

ISO 27001Compliant

SOC 2In progress

© 2026 Cyscale Limited

© 2026 Cyscale Limited

Terms of use Security Policy Privacy Policy Status Sitemap

Terms of use Security Policy Privacy Policy

crunch base icon