Skip to content

Use short lived web hooks#

Security · Automation Service · Azure.Automation.WebHookExpiry

Do not create webhooks with an expiry time greater than 1 year (default).

Description#

Do not create webhooks with an expiry time greater than 1 year (default).

Recommendation#

An expiry time of 1 year is the default for webhook creation. Webhooks should be programmatically rotated at regular intervals - Microsoft recommends setting a shorter time than the default of 1 year. If authentication is required for a webhook consider implementing a pre-shared key in the header - or using an Azure Function.


Last update: 2021-09-24