Cyscale

Back to controls

Ensure Azure Function Apps have remote debugging disabled

Remote debugging opens additional management access paths to the Function App runtime and should only be enabled temporarily during active troubleshooting. Leaving it enabled in production increases the blast radius of compromised developer credentials or exposed management endpoints.

Category

Controls

Medium

Applies to

Microsoft Azure

Coverage

1 queries

Asset types

1 covered

Overview

Remote debugging opens additional management access paths to the Function App runtime and should only be enabled temporarily during active troubleshooting. Leaving it enabled in production increases the blast radius of compromised developer credentials or exposed management endpoints.

Disable remote debugging except for short, approved maintenance windows.

Remediation guidance

Remediation

Disable remote debugging on the Function App.

Azure CLI

az resource update \
  --ids {{asset.idFromProvider}}/config/web \
  --set properties.remoteDebuggingEnabled=false

Validate the setting:

az resource show \
  --ids {{asset.idFromProvider}}/config/web \
  --query 'properties.remoteDebuggingEnabled'

References

https://learn.microsoft.com/en-us/azure/azure-functions/security-concepts
https://learn.microsoft.com/en-us/azure/app-service/configure-common

Query logic

These are the stored checks tied to this control.

Azure Function Apps with remote debugging enabled

Connectors

Microsoft Azure

Covered asset types

FunctionApp

Expected check: eq []

{
  functionApps(
    where: {
      configs_SOME: {
        remoteDebuggingEnabled: { eq: true }
      }
    }
  ) {
    ...AssetFragment
  }
}

Cyscale is an agentless cloud-native application protection platform (CNAPP) that automates the contextual analysis of cloud misconfigurations, vulnerabilities, access, and data, to provide an accurate and actionable assessment of risk.

Stay connected

Receive new blog posts and product updates from Cyscale

By clicking Subscribe, I agree to Cyscale’s Privacy Policy

By clicking Subscribe, I agree to Cyscale’s Privacy Policy

Platform

Cloud Native Application Protection (CNAPP)Cloud Security Posture Management (CSPM)Cloud Infrastructure Entitlement Management (CIEM)Kubernetes Security Posture Management (KSPM)Cloud Compliance Cloud Security for MSSPs Cloud Vulnerability Management ASPM + Code Scanning Secrets + Outdated Software AI-SPM Platform Book a Demo Start a Trial Pricing

Use Cases

Cloud Misconfigurations Vulnerability Management Code Vulnerability Scanning AI Security Operational Security IAM Cloud Security Cloud Data Security Cloud Compliance NIS 2 Compliance DORA Compliance Kubernetes Security Microsoft Entra ID Security Google Workspace Security

Industries

Managed Security (MSSPs)FinTech Banks HealthTech Telecom Legal Tech HRTech M&A Due Diligence Mobile Apps

Compare

Cyscale vs Wiz Cyscale vs Lacework Cyscale vs Zscaler Cyscale vs Orca Security Cyscale vs AWS Cyscale vs Google Cloud Cyscale vs Microsoft Azure

Resources

Blog Security Wiki Product Tours Case Studies Documentation Data Sheet FAQ + Support Cloud Security Buyer’s Guide SaaS CTO Cloud Security Handbook Top 10 Cloud Security Challenges

Company

About Us Cloud Security Made in Europe Careers Contact Us

+44 7401 208466

[email protected]

ISO 27001Compliant

SOC 2In progress

© 2026 Cyscale Limited

© 2026 Cyscale Limited

Terms of use Security Policy Privacy Policy Status Sitemap

Terms of use Security Policy Privacy Policy

crunch base icon