First, go to resources.azure.com. Drill down your subscription, resource group (which contains your app), providers, Microsoft.Web, sites, and click on your site name. CTRL+F for "clientCertEnabled" then flip the false to true. Note: you'll have to change the Read Only option on top to Read/Write and then Get, Edit, Put to change it.
The second step is to edit your site's web.config.
<access sslFlags="Ssl, SslNegotiateCert" />