Azure Web Apps allows sites to run under both HTTP and HTTPS by default. Web apps can be accessed by anyone using non-secure HTTP links by default. Non-secure HTTP requests can be restricted and all HTTP requests redirected to the secure HTTPS port. It is recommended to enforce HTTPS-only traffic.
Perform the following in the Azure Console:
Perform the following in Azure Command Line Interface 2.0:
To set HTTPS-only traffic value for an existing app, run the following command.
az webapp update –resource-group <RESOURCE_GROUP_NAME> –name <APP_NAME> –set httpsOnly=false