Azure powershell – modernize your app service

Not sure what else to call this but a modernize your app service script. This will grab all the web apps in a subscription and then enable AlwaysOn, HTTP 2.0, disable PHP, set FTP to FTPS only, and TLS to 1.2.

But wait, there’s more! It will also set the app to https only, meaning it will redirect to https. Make sure you have valid certs. Let’s encrypt is free and there is even an extension making it ridiculously easy to add free certs to any web app.

$apps = Get-AzWebApp
$appnames = $apps.Name
$rg = $apps.ResourceGroup | select -first 1 # or replace this with the name of your resource group
ForEach ($appname in $appnames) {
$GeneralSettings = @{"siteConfig" = @{"AlwaysOn" = $true; "http20Enabled" = $true; "phpVersion" = ""; "ftpsState" = "FtpsOnly"; "minTlsVersion" = "1.2"}}
$WebAppResourceType = 'microsoft.web/sites'
$webAppResource = Get-AzResource -ResourceType $WebAppResourceType -ResourceGroupName $rg -ResourceName $appname
$webAppResource | Set-AzResource -PropertyObject $GeneralSettings -Force
$webAppResource.Properties.httpsOnly=$true
$webAppResource | Set-AzResource -Force 
}


This came about after security center complained that none of the apps were “https only”. They all actually are, we use a redirect in code. But now that Azure does it in the app, why not. +30 points to our security score ;P

Aaaaaaaaaaaaaaaaand that was completely unnecessary.

Leave a Comment

Your email address will not be published.

This site uses Akismet to reduce spam. Learn how your comment data is processed.