Azure Functions
Azure Functions is a cloud-based platform that allows users to develop event-driven applications without managing servers. SailPoint Entro detects Secrets and NHIs exposed on Azure Functions (as shown below):

Step 1: Locate the Exposed Token with SailPoint Entro Platform

Use the link provided by SailPoint Entro to navigate directly to the Azure App Configuration instance where the token was exposed. Identify the specific configuration setting, key, or value in Azure App Configuration that contains the exposed token. Review the settings and associated applications to locate the sensitive data.
Step 2: Revoke Rotate and remove the Exposed Token
To remediate the issue, use the RIGOR workflow:
-
Redact Sensitive Information: Access the affected Azure App Configuration settings and remove the exposed token from the relevant configuration entries.
-
Inform the owner about the token exposure so that the practice is not repeated.
-
Generate a new token if necessary and ensure it is securely vaulted, avoiding exposure in scripts, pipeline configurations, or environment settings.
-
Organize and take notes throughout this process as they will be necessary for a future root cause analysis, response plans, etc...
-
Revoke any exposed tokens through the issuing service based on the token type provided by SailPoint Entro. Refer to Key Rotation Best Practices.
Step 3 (optional): Use Azure Key Vault for Sensitive Data
Set up Azure Key Vault to securely store sensitive information, such as tokens. Store the new token in Azure Key Vault and update your Azure App Configuration to access the token securely from the vault. Adjust the access policies in Azure Key Vault to allow only authorized applications and services to access the stored secrets.
Step 4: Audit Access
Review audit logs in Azure Monitor and Azure Activity Logs to ensure that no unauthorized access occurred while the token was exposed.
Step 5: Monitor
Enable monitoring and set up alerts to notify about any unusual activities related to access or modification of sensitive data in Azure App Configuration.