Joshua Summers

My feedback

  1. 47 votes
    Vote
    Sign in
    (thinking…)
    Password icon
    Signed in as (Sign out)
    You have left! (?) (thinking…)
    4 comments  ·  Web Apps » Deployment  ·  Flag idea as inappropriate…  ·  Admin →
    Joshua Summers commented  · 

    There should be an ability to not only audit the user accounts that can deploy to a web app, but allow us to remove a deployment credential from a valid AAD user account without doing the following:
    1) Delete the user from AAD and recreate them
    2) Remove that user from all subscriptions or resources where you have web apps...permanently

    Right now, to truly secure a subscription after a user has established a deployment credential, you have to rebuild the entire subscription. Imagine having N number of administrators and they all created their own credential...with a password that never expires or requires changing.

    From a security perspective, this is a BIG deal and has implication on auditing for those familiar with PCI-DSS

    Joshua Summers commented  · 

    The Publish profile for a web app does not respect the FTP credentials a user has associated to their account. This is another part of the auditing that should be rectified

    Joshua Summers supported this idea  · 

Feedback and Knowledge Base