The organization facilitates information sharing by enabling authorized users to determine a business partner's access when discretion is allowed as defined by the organization and by employing manual processes or automated mechanisms to assist users in making information sharing/collaboration decisions
Control: CORS should not allow every resource to access your API App
Cross-Origin Resource Sharing (CORS) should not allow all domains to access your API app. Allow only required domains to interact with your API app.
steampipe check azure_compliance.control.appservice_api_app_cors_no_star
This control uses a named query:appservice_api_app_cors_no_star