Use short lived web hooks
Security · Automation Account · Rule · 2020_06 · Awareness
Do not create webhooks with an expiry time greater than 1 year (default).
Description
Do not create webhooks with an expiry time greater than 1 year (default).
Recommendation
An expiry time of 1 year is the default for webhook creation. Webhooks should be programmatically rotated at regular intervals, and Microsoft recommends setting a shorter time than the default of 1 year. If authentication is required for a webhook, consider implementing a pre-shared key in the header or using an Azure Function.
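One way to script the rotation described above, as an added example that is not part of the original rule documentation. It assumes the Az.Automation module and an already authenticated session; the resource names and the 30-day lifetime are placeholders chosen for illustration.

```powershell
# Added example: rotate the webhook for one runbook using a short lifetime.
# All names below are placeholders (assumptions), not values from the rule page.
$ResourceGroupName     = 'rg-automation-example'
$AutomationAccountName = 'aa-example'
$RunbookName           = 'Invoke-ExampleRunbook'
$LifetimeDays          = 30   # assumed rotation interval, well under the 1-year default

$common = @{
    ResourceGroupName     = $ResourceGroupName
    AutomationAccountName = $AutomationAccountName
}

# Record the webhooks that exist for this runbook before creating the replacement.
$existing = @(Get-AzAutomationWebhook @common -RunbookName $RunbookName)

# Create the replacement with an explicit expiry instead of accepting the default.
$expiry  = [DateTimeOffset]::UtcNow.AddDays($LifetimeDays)
$newName = '{0}-{1:yyyyMMddHHmm}' -f $RunbookName, [DateTime]::UtcNow
$new = New-AzAutomationWebhook @common `
    -Name $newName `
    -RunbookName $RunbookName `
    -IsEnabled $true `
    -ExpiryTime $expiry `
    -Force

# The webhook URI is only returned at creation time. Hand it to the caller's
# secret store at this point; do not write it to logs or job output.
$newUri = $new.WebhookURI

# Remove the previous webhooks once callers have been given the new URI.
foreach ($hook in $existing) {
    Remove-AzAutomationWebhook @common -Name $hook.Name
}

# Report any webhook in the account that is still valid beyond the chosen lifetime.
$limit = [DateTimeOffset]::UtcNow.AddDays($LifetimeDays)
Get-AzAutomationWebhook @common |
    Where-Object { $_.ExpiryTime -gt $limit } |
    Select-Object Name, RunbookName, ExpiryTime
```

Run it on a schedule shorter than `$LifetimeDays` so a valid webhook always exists while callers pick up the new URI.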