How to Secure your Azure App Service with Azure’s AD Authentication

Whatever we host in Azure App Service, anonymous access is enabled by default unless you implement custom authentication/authorization within the application. So anyone who knows the URL of the site can access it.
 
In this modern internet world, app security holds a higher priority than anything else in the application. But Azure makes this process easy. We can get this done without writing a single line of code. Yes, you read that right: with just a few clicks in the Azure portal you can enable Azure Active Directory authentication for your application hosted in Azure App Service.
 
Follow the step-by-step implementation below:
  1. Log in to the Azure Portal with enough permissions to access the hosted app service.
  2. Click the app service application on which you wish to enable Azure AD authentication.
  3. In the properties pane that opens, look for the Authentication/Authorization option, as shown below:

    Secure Azure App Service

  4. As you can see in the above picture, before enabling authentication we get the message “Anonymous access is enabled on the App Service app. Users will not be prompted for login.”
  5. Just below that message there is an Off/On toggle to enable App Service Authentication. Click it and set it to On.
  6. Once you enable it, you currently get 5 different options. Besides Azure AD authentication, in just a few clicks we can enable Microsoft Account/Facebook/Gmail/Twitter based authentication as well.

    Secure Azure App Service

  7. Let’s focus on Azure AD authentication in this article. From the above window, click “Azure Active Directory”. With this kind of authentication, all the users in your organization can access the application by entering their credentials. You will see the window below.

    Azure Active Directory Authentication

  8. Click the Express option, which gives you the window below.

    Azure Active Directory Authentication

  9. Enter an app name of your choice. This process will register an Azure Active Directory app in your tenant. Azure takes care of all the steps involved, such as granting permissions, generating keys, and setting the redirect URL.
  10. If you want to use an already existing Azure Active Directory app instead, choose the “Select Existing AD App” option in the same window.

    Azure Active Directory

  11. Now select the app in the next window.
  12. After that, click the “OK” button at the bottom.
  13. Now the system will take you back to the previous window, where you can see that Azure Active Directory authentication in Express mode is configured and ready to be created. Now click the “Save” button.

    Secure Azure App Service

  14. That’s all. We have enabled Azure AD authentication in our Azure App Service. Now when you hit the app service URL, you will get the Microsoft AD authentication screen below, where you enter your AD credentials.

    Secure Azure App Service
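
To confirm the result of step 14 without relying on the browser, the following added example (not part of the original article) audits an app's authentication settings and classifies the response to a request sent without credentials. It assumes the settings dictionary uses the key names from the classic output of `az webapp auth show`; the function names and sample values are constructed for illustration.

```python
"""Audit App Service authentication settings (added example)."""
from urllib.parse import urlparse

# Hosts Azure AD uses for interactive sign-in.
AAD_LOGIN_HOSTS = {"login.microsoftonline.com", "login.windows.net"}


def audit_auth_settings(settings):
    """Return a list of findings for one app's auth settings dict.

    Assumption: keys follow the classic `az webapp auth show` output.
    """
    if not settings.get("enabled"):
        # The toggle from step 5 is still Off.
        return ["authentication is Off: anonymous access is enabled"]
    findings = []
    if settings.get("unauthenticatedClientAction") != "RedirectToLoginPage":
        findings.append("unauthenticated requests are allowed through")
    if settings.get("defaultProvider") != "AzureActiveDirectory":
        findings.append("default provider is not Azure Active Directory")
    if not settings.get("clientId"):
        findings.append("no Azure AD app registration (clientId) configured")
    return findings


def anonymous_request_blocked(status, location=None):
    """Classify the response to an HTTPS request sent without credentials."""
    if status in (401, 403):
        return True
    if status in (301, 302, 303, 307, 308) and location:
        # Protected apps send the browser to the Azure AD sign-in host.
        return urlparse(location).hostname in AAD_LOGIN_HOSTS
    return False  # e.g. 200: the page was served to an anonymous caller


# Constructed sample settings (not taken from a real tenant).
SAMPLE_OFF = {"enabled": False}
SAMPLE_PERMISSIVE = {"enabled": True,
                     "unauthenticatedClientAction": "AllowAnonymous",
                     "defaultProvider": "AzureActiveDirectory",
                     "clientId": "00000000-0000-0000-0000-000000000000"}
SAMPLE_GOOD = dict(SAMPLE_PERMISSIVE,
                   unauthenticatedClientAction="RedirectToLoginPage")

if __name__ == "__main__":
    for name, s in [("off", SAMPLE_OFF), ("permissive", SAMPLE_PERMISSIVE),
                    ("good", SAMPLE_GOOD)]:
        print(name, audit_auth_settings(s) or "OK")
```

The permissive sample shows the case worth checking for: authentication is On, yet requests without credentials still reach the application.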

See how easy it is to enable high-level AD authentication for an Azure App Service in a few clicks. In my next article, I will explain how to grant permission only to specific users and block others from accessing the application.
 
I hope this article helps you understand App Service authentication. If you have any questions or issues with this article, please let me know in the comments.