Is there a holistic way to secure my Azure app services and function apps? #M365AMA
In this episode, the #M365AMA panel discusses the following community question:
“I’m looking for a holistic approach to secure my azure backends like app services and function apps. By secure, I mean control what can talk to these services and how. I looked into securing backend services with API-M but that that doesn’t prevent me from going directly to the backend (around API-M)”
Check out the discussion here:
Participating in this discussion were:
- Christian Buckley @buckleyplanet
- Shari Oswald @shortcutshari
- Neil Hodgkinson @nellymo
- Mike Nelson @mikenelsonIO
- Noah Sparks @noahsparks
- Hal Hostetler @TVWizard
- Norm Young @stormin_30
- Eric Riz @rizinsights
Some comments and relevant links shared by the team:
- Need to understand the deployment scenario and why this is an issue. Are APIs being presented externally? Want to block internal access for compliance/security reasons? API management provides a means to secure the APIs and control access. The backend APIs may still be accessible to services/connections unless the resources are secured separately.
- Protect the API backend – https://docs.microsoft.com/en-us/azure/api-management/transform-api