I'm responding to Microsoft's Security Advisory ADV200005 | Microsoft Guidance for Disabling SMBv3 Compression. The advice is to Disable SMBv3 compression.
I'm running an Azure Web App which does not use SMBv3 or access files from other servers. So I would like to Disable SMBv3 completely (not just SMBv3 compression).
How would I be able to do that from Azure Portal? Am I even allowed to do that?
All Azure Web Apps (as well as Mobile App/Services, WebJobs and Functions) run in a secure environment called a sandbox. Each app runs inside its own sandbox, isolating its execution from other instances on the same machine as well as providing an additional degree of security and privacy which would otherwise not be available.
On Azure WebApps, regardless of address, applications cannot connect to anywhere using ports 445, 137, 138, and 139. In other words, even if connecting to a non-private IP address or the address of a virtual network, connections to ports 445, 137, 138, and 139 are not permitted.
As far as Azure App service WebApps - Update, security & patching is concerned - App Service is a Platform-as-a-Service, which means that the OS and application stack are managed for you by Azure; you only manage your application and its data.
You may wish to know about how and when OS updates are applied: Azure manages OS patching on two levels, the physical servers and the guest virtual machines (VMs) that run the App Service resources. Both are updated monthly, which aligns to the monthly Patch Tuesday schedule. These updates are applied automatically, in a way that guarantees the high-availability SLA of Azure services.
Additionally, just to highlight - when severe vulnerabilities require immediate patching, such as zero-day vulnerabilities, the high-priority updates are handled on a case-by-case basis. Stay current with critical security announcements in Azure by visiting Azure Security Blog -https://azure.microsoft.com/blog/topics/security/
Kindly checkout this document -https://azure.github.io/AppService/2018/01/18/Demystifying-the-magic-behind-App-Service-OS-updates.html for more details on Azure App Service OS patching.