Forum Discussion

UserID707597's avatar
UserID707597
Brass Contributor
Jan 20, 2022

How to Enforce FTP Disablement on Newly Created App Service/Function Apps in Azure?

Is there a way to enforce that newly created App Services and Function Apps will have the FTP disabled in Azure? I am aware that I can turn off the FTP manually by changing the configuration in the Azure Portal but is there a way to do it automatically/programmatically?

  • UserID707597 You can do this with PowerShell:

    Set-AzWebApp -ResourceGroupName $ResourceGroupName -Name $WebAppName -FtpsState Disabled
    Or you could enforce it using Azure Policy- there's an example here on enforcing FTPS, I think the only change you'd need would be to change 
    "ftpsState": "FtpsOnly"
     to
    "ftpsState": "Disabled"
    in the policy definition.
  • UserID707597 You can do this with PowerShell:

    Set-AzWebApp -ResourceGroupName $ResourceGroupName -Name $WebAppName -FtpsState Disabled
    Or you could enforce it using Azure Policy- there's an example here on enforcing FTPS, I think the only change you'd need would be to change 
    "ftpsState": "FtpsOnly"
     to
    "ftpsState": "Disabled"
    in the policy definition.
    • UserID707597's avatar
      UserID707597
      Brass Contributor
      Hi Chris,
      This works on my tenant, thank you! But would you know if there's a way for this policy to be prioritized first? Because I've tested this in my organization's tenant and it does not change the configuration of FTP. Maybe because there are existing policies in my organization's tenant that overrides this policy.

Resources