Azure App Service Supports Multiple Languages (.NET, Node.js, Java, Python, PHP) — The Ultimate Guide (2025)

Azure App Service Supports Multiple Languages (.NET, Node.js, Java, Python, PHP)

Multi‑Language HostingManaged PaaSCI/CD ReadyLinux & Windows

Summary (for editors): Azure App Service is a unified, fully managed PaaS for hosting web apps & APIs across .NET, Node.js, Java, Python, and PHP, with built‑in scaling, security, diagnostics, and DevOps.

Why Azure App Service for Multi‑Language Apps?

Azure App Service offers a unified platform to publish and run modern web apps and APIs without managing servers. You can deploy microservices in different languages side‑by‑side, use staging slots for safe releases, enable Azure DevOps or GitHub Actions for CI/CD, and secure everything with Microsoft Entra ID (formerly Azure AD), Azure Key Vault, and Azure Front Door.

Key Benefits at a Glance

Native support for .NET, Node.js, Java, Python, PHP with automatic framework detection.
Managed hosting: patching, scaling, load balancing, and platform hardening handled by Azure.
Custom runtimes via containers for anything else (e.g., Go, Ruby, Deno) on App Service for Linux.
First‑class CI/CD with GitHub Actions, Azure DevOps, and local Git.
Observability with Application Insights & Azure Monitor; Kudu diagnostics built‑in.
Enterprise‑grade security: SSL/TLS, Azure API Management, WAF via Front Door, Key Vault for secrets, private networking.
Flexible pricing tiers for dev/test to mission‑critical (Free → Isolated).

Platform Capabilities (Applies to All Languages)

Unified platform to host heterogeneous runtimes on the same App Service plan.
Multiple deployment options: Git, GitHub, Azure CLI, FTP, ZIP Deploy, az webapp up, VS/VS Code, Docker images.
Staging slots for zero‑downtime blue‑green deployments and A/B testing.
Autoscaling: scale out by instance count; scale up by CPU/RAM; rules by schedule/metrics.
Environment customizations: app settings, connection strings, startup commands, custom domains, managed certificates.
Networking: VNet Integration, Private Endpoints, Hybrid Connections, IP Restrictions.
Security: HTTPS‑only, TLS policies, Managed Identity, Entra ID auth provider, custom auth flows via Azure API Management.
Monitoring: App Insights distributed tracing, logs, Live Metrics, container logs.
Languages & Versions selectable in Portal (e.g., .NET 8, Node 18/20, Java 17/21, Python 3.10/3.11, PHP 8.x).
Containers: Bring your own Docker image, multi‑container with Docker Compose (Linux).

.NET & .NET Core on Azure App Service

For organizations invested in the Microsoft stack, App Service excels with ASP.NET, .NET (Core), Blazor, Web API, and Minimal APIs. It pairs beautifully with Visual Studio publish profiles, GitHub Actions, and Azure DevOps pipelines.

Keypoints — .NET

Windows or Linux workers; pick based on framework dependencies.
Out‑of‑the‑box IIS integration on Windows; Kestrel behind nginx on Linux.
Easy Application Insights auto‑instrumentation for .NET apps.
EF Core & managed identities for secure DB access (SQL, Cosmos DB).
Blazor Server/WASM hosting patterns supported.
Slot‑specific settings and warm‑up for zero‑downtime swaps.
Run background jobs using WebJobs or extend with Azure Functions.
Choose .NET 6/7/8 LTS for stability and performance.

```

Troubleshooting — .NET quick checks

# PowerShell (Az) — Inspect core settings for a .NET webapp
```

Connect-AzAccount
$rg = "my-rg"
$app = "my-dotnet-webapp"
$web = Get-AzWebApp -ResourceGroupName $rg -Name $app
$web.SiteConfig | Select-Object NetFrameworkVersion, NumberOfWorkers, LinuxFxVersion, WindowsFxVersion

# Get App Settings (masking secrets)

(Get-AzWebAppSlotConfigName -ResourceGroupName $rg -Name $app).AppSettingNames | ForEach-Object { $_ }
(Get-AzWebApp -ResourceGroupName $rg -Name $app).SiteConfig.AppSettings | ForEach-Object {
"{0} = {1}" -f $*.Name, (If ($*.Name -match 'SECRET|KEY|PASSWORD') {'***'} else {$_.Value})
}

# Enable .NET Core stdout logging via appsettings or web.config when needed

# Then stream logs:

Get-AzWebApp -Name $app -ResourceGroupName $rg | Get-AzWebAppLog -StartTime (Get-Date).AddMinutes(-30)

```

FAQs — .NET (10)

1) Which OS should I choose for .NET on App Service?

Use Windows for classic ASP.NET/IIS dependencies; Linux for modern .NET where you prefer container‑like behavior and lower cost.

2) Can I run Blazor Server and WASM?

Yes. Blazor Server runs on App Service directly; WASM can be served as static files with API backends hosted on App Service.

3) How do I connect securely to Azure SQL?

Enable a System‑Assigned Managed Identity, then use Azure AD auth in your connection string to avoid secrets.

4) Does App Service auto‑scale my .NET app?

Yes. Configure scale rules on CPU, memory, HTTP queue length, or custom metrics from App Insights.

5) How do I enable Application Insights?

Turn on in the Portal or via ARM/Bicep/CLI; SDK auto‑collects requests, dependencies, traces, exceptions.

6) Can I use WebJobs?

Yes. WebJobs run background tasks within the same App Service Plan, triggered on schedule, queue, or continuously.

7) How to zero‑downtime swap?

Create a staging slot, warm it up, configure slot settings, then swap with production.

8) Are .NET versions kept updated?

Platform images are regularly updated; you can pin or roll forward as needed.

9) Can I host gRPC?

HTTP/2 is supported; for gRPC-Web scenarios, consider Front Door or API Management if needed.

10) How do I troubleshoot startup failures?

Enable detailed error messages and stdout logs, check Kudu console, and examine App Insights exceptions/live metrics.

```

Node.js on Azure App Service

App Service supports multiple Node.js versions, npm/yarn/PNPM workflows, and popular frameworks (Express, NestJS, Next.js). You can deploy REST APIs, SSR sites, and full‑stack apps with CI/CD and staging slots.

Keypoints — Node.js

Selectable Node versions (e.g., 18 LTS, 20 LTS); set via Portal or WEBSITE_NODE_DEFAULT_VERSION.
Build automation via Oryx for Linux; custom build commands in package.json.
PM2 or custom startup scripts to run multiple processes.
Seamless integration with Azure API Management and Front Door.
Real‑time log streaming & Kudu for debugging environment variables and filesystem.

```

Troubleshooting — Node.js quick checks

# PowerShell (Az) — Stream Node logs and inspect process
```

Connect-AzAccount
$rg = "my-rg"
$app = "my-node-webapp"

# Stream application logs (make sure logging enabled)

Get-AzWebApp -Name $app -ResourceGroupName $rg | Get-AzWebAppLog -StartTime (Get-Date).AddMinutes(-20)

# Use Kudu API to list env variables (requires auth token)

# Invoke-RestMethod -Headers @{ Authorization = "Bearer $token" } -Uri "https://$app.scm.azurewebsites.net/api/environment"

# Update Node version setting\ n$site = Get-AzWebApp -ResourceGroupName $rg -Name $app

$site.SiteConfig.NodeVersion = "~20"
Set-AzWebApp -ResourceGroupName $rg -Name $app -AppServicePlan $site.ServerFarmId -SiteConfig $site.SiteConfig

```

FAQs — Node.js (10)

1) How do I pin a Node version?

Set WEBSITE_NODE_DEFAULT_VERSION in App Settings or choose from Portal → Configuration → General settings.

2) Can I run Next.js SSR?

Yes. Use Linux App Service with build commands and a proper startup to run the server; cache via Front Door if needed.

3) Where are build logs?

Oryx build output is visible in deployment logs (Kudu/SCM) and in GitHub Actions logs.

4) How to handle environment secrets?

Use App Settings linked to Key Vault references; avoid committing secrets.

5) Is WebSockets supported?

Yes. Enable WebSockets in Configuration and ensure your code upgrades connections.

6) How do I scale Node apps?

Use autoscale rules based on CPU, memory, or custom metrics. Profile with App Insights + Node SDK.

7) Does PNPM work?

Yes. Provide custom build commands in your workflow to install PNPM and run builds.

8) Can I run background workers?

Use separate App Service instances or Functions/Queues; PM2 can run multiple processes if needed.

9) How to debug memory leaks?

Dump heap via Node inspector locally, reproduce with similar load; monitor memory in Live Metrics.

10) Can I containerize Node apps?

Yes. Push an image to ACR and deploy to App Service for Containers (Linux).

```

Java on Azure App Service

App Service supports Java SE and enterprise runtimes such as Tomcat and JBoss EAP. Deploy Spring Boot, Jakarta EE, or microservices with native integrations across Azure Monitor, Key Vault, and Front Door.

Keypoints — Java

Choose Java 11/17/21 with Tomcat or JBoss EAP on Linux.
Deploy JARs (Spring Boot) or WAR/EAR to Tomcat/JBoss.
JVM tuning via JAVA_OPTS in App Settings.
Single sign‑on with Entra ID; secure outbound secrets via Managed Identity and Key Vault.
Integrate with Azure API Management for API governance.

```

Troubleshooting — Java quick checks

# PowerShell (Az) — Inspect Java runtime and logs
```

Connect-AzAccount
$rg = "my-rg"
$app = "my-java-webapp"
$web = Get-AzWebApp -ResourceGroupName $rg -Name $app
$web.SiteConfig | Select-Object JavaVersion, JavaContainer, JavaContainerVersion

# Set JAVA_OPTS, e.g., memory and GC tuning

$settings = @{"JAVA_OPTS"="-Xms512m -Xmx1024m -XX:+UseG1GC"}
Set-AzWebApp -Name $app -ResourceGroupName $rg -AppSettings $settings

# Stream logs for the past hour

Get-AzWebApp -Name $app -ResourceGroupName $rg | Get-AzWebAppLog -StartTime (Get-Date).AddHours(-1)

```

FAQs — Java (10)

1) Can I use Spring Boot with App Service?

Yes, deploy fat JARs directly or WAR to Tomcat; configure JAVA_OPTS and ports appropriately.

2) How do I set JVM memory limits?

Use JAVA_OPTS with -Xms and -Xmx; monitor with App Insights JMX exporters or logs.

3) Does JBoss EAP work?

Yes, App Service for Linux supports JBoss EAP versions aligned with the platform images.

4) How do I configure Datasource credentials?

Store them in Key Vault and reference via App Settings or use Managed Identity for secretless auth.

5) Can I run multiple WARs?

Yes on Tomcat/JBoss; ensure memory sizing and context paths are configured.

6) Is HTTPS enforced?

Set HTTPS‑only in TLS/SSL settings and enforce HSTS via configuration.

7) Can I use GraalVM native images?

Yes, deploy as Linux executable within a container or as a custom startup command.

8) How to troubleshoot startup failures?

Check /home/LogFiles (Kudu), container logs, and events under Diagnose & Solve Problems.

9) Where do I set time zone?

Use App Settings like WEBSITE_TIME_ZONE (Windows) or set TZ on Linux.

10) Can I containerize Java apps?

Yes, build/push to ACR and use App Service for Containers with health probes.

```

Python on Azure App Service

Host Flask, Django, and FastAPI apps with gunicorn/uvicorn on Linux. Use Oryx to build and detect dependencies from requirements.txt or pyproject.toml.

Keypoints — Python

Recommended: Linux App Service with gunicorn/uvicorn workers.
Specify startup command, e.g., gunicorn --bind=0.0.0.0 --timeout 600 app:app.
Use Managed Identity to access Storage, Key Vault, and databases securely.
Enable Application Insights for traces/metrics (OpenTelemetry or SDK).
Scale out workers and tune concurrency (workers per core) for CPU‑bound vs I/O‑bound tasks.

```

Troubleshooting — Python quick checks

# PowerShell (Az) — Inspect Python config and logs
```

Connect-AzAccount
$rg = "my-rg"
$app = "my-python-webapp"
$web = Get-AzWebApp -ResourceGroupName $rg -Name $app
$web.SiteConfig | Select-Object LinuxFxVersion, AppCommandLine

# Stream recent logs

Get-AzWebApp -Name $app -ResourceGroupName $rg | Get-AzWebAppLog -StartTime (Get-Date).AddMinutes(-30)

# Set a startup command (gunicorn/uvicorn)

Set-AzWebApp -Name $app -ResourceGroupName $rg -AppSettings @{ "STARTUP_COMMAND" = "gunicorn -w 4 -k uvicorn.workers.UvicornWorker main:app" }

```

FAQs — Python (10)

1) Where do I put dependencies?

Use requirements.txt or pyproject.toml; Oryx detects and installs during build.

2) How do I set the startup command?

In Configuration → General settings (Portal) or set STARTUP_COMMAND in App Settings.

3) Does Django static collection run automatically?

Add python manage.py collectstatic in your CI/CD workflow and store static in Azure Storage/CDN.

4) How to tune workers?

Set worker count by CPU cores and workload type; e.g., gunicorn -w 4 for modest instances.

5) Can I use Conda?

Prefer venv/pip to align with the platform images; use containers if Conda is required.

6) How to debug import errors?

Confirm the virtual environment location and that packages install successfully in Oryx logs.

7) Is FastAPI supported?

Yes, run with uvicorn workers and configure a health endpoint.

8) How do I access Key Vault?

Enable Managed Identity and use the Azure SDK; avoid secrets in settings.

9) Can I use Celery?

Yes via separate worker apps or Azure Functions/Container Apps for background jobs.

10) Is WebSockets supported?

Yes, enable WebSockets and ensure your ASGI server supports it.

```

PHP on Azure App Service

Run Laravel, Symfony, or vanilla PHP with Nginx/Apache on Linux App Service. Pair with MySQL Flexible Server or Azure Database for MySQL; front with Front Door for global acceleration.

Keypoints — PHP

Set PHP runtime (e.g., 8.2/8.3) in Portal or via CLI.
Configure DOCUMENT_ROOT and rewrite rules for Laravel/Symfony.
Use Managed Identity + Key Vault for database secrets or adopt secretless auth patterns.
Use Composer during build; cache vendor directory in CI for speed.
Monitor with App Insights PHP SDK or OpenTelemetry exporters.

```

Troubleshooting — PHP quick checks

# PowerShell (Az) — Inspect PHP config and logs
```

Connect-AzAccount
$rg = "my-rg"
$app = "my-php-webapp"
$web = Get-AzWebApp -ResourceGroupName $rg -Name $app
$web.SiteConfig | Select-Object LinuxFxVersion, PhpVersion

# Stream recent logs

Get-AzWebApp -Name $app -ResourceGroupName $rg | Get-AzWebAppLog -StartTime (Get-Date).AddMinutes(-45)

# Set DOCUMENT_ROOT and rewrite rules via app settings or a custom nginx.conf

```

FAQs — PHP (10)

1) How do I enable Composer install?

Run Composer in your pipeline or Oryx build; ensure composer.json is present.

2) Does Laravel work out of the box?

Yes, configure document root to public/ and set proper rewrite rules.

3) How to connect to MySQL securely?

Use Managed Identity + Azure Database for MySQL; or Key Vault references for secrets.

4) How to handle file uploads?

Persist to Azure Storage, not local filesystem, for durability across instances.

5) Can I schedule cron jobs?

Use WebJobs, Functions, or containerized cron in App Service for Containers.

6) How to troubleshoot 502/503?

Check container logs, Nginx/Apache config, and look for out‑of‑memory events; scale up if needed.

7) Is OPCache enabled?

Platform images enable OPCache; tune via php.ini or app settings.

8) Does App Service support extensions?

Yes, common PHP extensions are available; for custom ones, consider containers.

9) Can I use Composer autoload optimization?

Yes, run composer install --no-dev --optimize-autoloader in CI for production builds.

10) How do I enable HTTPS?

Bind a custom domain and use managed certificates or bring your own; enforce HTTPS‑only.

```

Containers & Custom Runtimes

Need a language not listed above? Use App Service for Containers to bring custom Docker images (e.g., Go, Ruby, Deno). This is ideal for multi‑language microservices where each service ships its own runtime and dependencies.

Keypoints — Containers

Deploy from ACR or Docker Hub; configure startup command and health probes.
Use multi‑container apps via Docker Compose (Linux).
Mount Azure Files for shared state (if unavoidable), though stateless is preferred.
Use Managed Identity inside the container for secretless access to Azure resources.
Full control over OS libraries, language versions, and buildpacks.

```

FAQs — Containers (10)

1) When should I prefer containers over built‑in runtimes?

When you need custom OS libs, niche runtimes, or exact version pinning beyond platform offerings.

2) Can I run multiple containers?

Yes, with Docker Compose on App Service for Linux.

3) How do I handle secrets in containers?

Use Managed Identity + Key Vault; avoid baking secrets into images.

4) Is autoscale supported for containers?

Yes, scale instances like any App Service plan; set rules by metrics.

5) How do I debug container crashes?

Inspect Container Crash Logs in Log Stream and check Docker entrypoint commands.

6) Can I use sidecars?

Yes, via multi‑container setups; consider Azure Container Apps/Kubernetes for complex meshes.

7) How to mount persistent storage?

Use Azure Files mounts; design for statelessness wherever possible.

8) Can I use custom buildpacks?

Yes in your Dockerfile; Oryx is used for built‑in flows.

9) How do I connect to on‑prem systems?

Use VNet Integration, Private Endpoints, or Hybrid Connections.

10) Can I run cron inside a container?

Yes, but prefer platform schedulers (WebJobs/Functions) for reliability.

```

CI/CD, Deployment, and Slots

Deploy via GitHub Actions, Azure DevOps, Bitbucket, or local Git. Use staging slots for blue‑green and set slot settings for environment‑specific configuration.

Keypoints — CI/CD

ZIP Deploy and az webapp up for quick starts.
GitHub Actions templates for .NET/Node/Java/Python/PHP.
Use slot swaps with warm‑up and traffic routing for safe rollouts.
Back deployments with Azure Front Door or Traffic Manager for multi‑region.
Automate database migrations in pipeline steps to avoid runtime surprises.

```

Useful PowerShell Recipes for DevOps & Slots

# Swap a staging slot into production with warmup checks
```

Connect-AzAccount
$rg = "my-rg"; $app = "my-webapp"
Switch-AzWebAppSlot -ResourceGroupName $rg -Name $app -SourceSlotName "staging" -DestinationSlotName "production"

# Update app settings (slot setting example)

$slotSettings = @{ "APPINSIGHTS_INSTRUMENTATIONKEY" = "$(secret)" }
Set-AzWebAppSlot -ResourceGroupName $rg -Name $app -Slot "staging" -AppSettings $slotSettings

# Stream deployment logs

Get-AzWebAppDeployment -ResourceGroupName $rg -Name $app | Select-Object -First 5 | Format-List

```

FAQs — CI/CD & Slots (10)

1) Do I need downtime to deploy?

No, use staging slots and swap when warm; configure health checks.

2) Can I route a small % of traffic?

Yes, use traffic splitting between slots for canaries.

3) How do I rollback?

Swap back to the previous slot or redeploy a prior build from deployment history.

4) Where do I store secrets?

Use Key Vault with references in App Settings or Managed Identity to remove secrets entirely.

5) Can I automate database migrations?

Yes, run EF Core or Liquibase/Flyway steps in your pipeline before slot swapping.

6) How do I run end‑to‑end tests before swap?

Hit the staging slot URL in your CI after deploy and run smoke tests.

7) Are cron jobs supported?

Use WebJobs or Functions; for containers, run a sidecar or use Functions Timer triggers.

8) What about static sites?

Use App Service or Static Web Apps; pair with APIs in App Service.

9) Can I limit who can deploy?

Use RBAC/PIM and service principals; protect branches in GitHub/Azure Repos.

10) How to enforce quality gates?

Use build validations, code scanning, and approval checks in CI/CD.

```

Security, Identity, and Compliance

App Service includes TLS termination, custom domains, managed certificates, and built‑in authentication with Microsoft Entra ID. Use Azure Key Vault for secrets and enforce private networking.

Keypoints — Security

Enable HTTPS‑only and TLS 1.2+ policies.
Use Managed Identity for secretless access to Azure SQL, Storage, Key Vault.
Enable Entra ID authentication provider or federate via Azure API Management.
Restrict inbound via Private Endpoints and access restrictions.
Audit with Azure Policy; monitor posture in Defender for Cloud.

```

Graph API + PowerShell — Useful Identity Checks

# MS Graph: Find the App Registration used by App Service authentication
```

# (Requires: Connect-MgGraph; scopes Application.Read.All)

Connect-MgGraph -Scopes "Application.Read.All"
$webAppUrl = "[https://myapp.azurewebsites.net](https://myapp.azurewebsites.net)"
$appRegs = Get-MgApplication -All | Where-Object { $_.Web.RedirectUris -contains "$webAppUrl/.auth/login/aad/callback" }
$appRegs | Select-Object DisplayName, AppId, Id

# Check Managed Identity and Key Vault access

Connect-AzAccount
$rg = "my-rg"; $app = "my-webapp"; $kv = "my-keyvault"
$web = Get-AzWebApp -ResourceGroupName $rg -Name $app
$principalId = $web.Identity.PrincipalId
(Get-AzKeyVault -VaultName $kv).AccessPolicies | Where-Object { $_.ObjectId -eq $principalId }

```

FAQs — Security (10)

1) How do I enable Entra ID sign‑in?

Use Authentication blade to add Microsoft identity provider; configure callback URLs and tokens.

2) Where should I put secrets?

Use Key Vault; reference secrets in App Settings or adopt Managed Identity for secretless connections.

3) Can I force HTTPS?

Yes, set HTTPS‑only and enforce HSTS headers.

4) How do I restrict IPs?

Configure Access Restrictions to allow/block specific CIDRs or service endpoints.

5) Is Private Endpoint supported?

Yes, bind a private NIC and use private DNS zones for internal resolution.

6) How do I rotate certificates?

Use managed certs when possible or automate renewal via Key Vault/ACME; bind to custom domains.

7) Can I require SSO for Kudu as well?

Kudu inherits platform auth; use RBAC and deployment credentials; lock down SCM site via IP restrictions.

8) How to meet compliance?

Use Policy initiatives, Defender for Cloud, and logging; choose regions that match your data residency.

9) Do I need a WAF?

Use Front Door Premium or Application Gateway WAF in front of App Service.

10) How to audit identity drift?

Use Azure AD/Entra audit logs, Graph queries, and regular access reviews.

```

Networking & Global Distribution

Connect apps securely to on‑prem via Hybrid Connections or VNet Integration, and deliver globally with Azure Front Door. For private exposure, use Private Endpoints and internal DNS.

Keypoints — Networking

Outbound SNAT considerations for IP whitelisting; consider NAT Gateway.
Use health probes and regional redundancy with multiple instances.
Front apps with Front Door for acceleration and WAF.
Expose REST APIs via Azure API Management.
Prefer Private Link to avoid public egress where possible.

```

FAQs — Networking (10)

1) How do I get a static outbound IP?

Use NAT Gateway attached to the VNet of your VNet‑integrated web app.

2) Can I restrict incoming by region?

Use Front Door WAF geo‑filters or custom logic in APIM.

3) How to enable HTTP/2?

HTTP/2 is enabled for TLS connections; manage via TLS settings.

4) Is gRPC supported end‑to‑end?

Yes over HTTP/2; for browsers, gRPC‑Web may be required.

5) How to connect to on‑prem databases?

Use Hybrid Connections or VNet Integration + VPN/ExpressRoute.

6) Can I do blue‑green across regions?

Yes, pair slots with Front Door traffic weighting and health probes.

7) How do I secure SCM (Kudu) access?

Restrict SCM site with IP restrictions and require authenticated deployment endpoints.

8) Where do I see connection errors?

Diagnose & Solve Problems blade, App Insights dependency failures, and Kudu traces.

9) Can I do IPv6?

IPv6 is supported via Front Door; origin remains IPv4.

10) How to avoid SNAT exhaustion?

Use connection pooling, scale out, and NAT Gateway to increase outbound ports.

```

Monitoring & Diagnostics

Instrument your apps with Application Insights and use built‑in diagnostics (Kudu, Log Stream) to triage issues. Capture traces, dependencies, exceptions, and performance counters across all languages.

Keypoints — Observability

Auto‑instrumentation for .NET/Java; SDKs for Node/Python/PHP.
Live Metrics Stream for real‑time health.
Distributed tracing (correlation IDs) across microservices.
Alerts on availability, latency, errors, and custom metrics.
Container logs and event logs for App Service for Containers.

```

PowerShell — Rapid Health Snapshot

# Quick inventory & health for a plan
```

Connect-AzAccount
$rg = "my-rg"
$plan = "my-plan"
(Get-AzWebApp -ResourceGroupName $rg | Where-Object { $_.ServerFarmId -like "*${plan}*" }) |
Select-Object Name, State, HostNames, SiteConfig.NetFrameworkVersion, SiteConfig.NodeVersion, SiteConfig.PhpVersion

# Query recent failures via Kusto (Application Insights) — use your workspace/app id

# Sample KQL (to run inside Logs blade):

# requests | where success == false | summarize count() by resultCode, name, bin(timestamp, 5m)

```

FAQs — Monitoring (10)

1) How do I enable App Insights?

Turn on in Portal or add SDK; set connection string/instrumentation key via App Settings.

2) Can I get real‑time metrics?

Yes, Live Metrics Stream shows requests, failures, CPU, and sample traces.

3) How to correlate across services?

Use distributed tracing IDs; ensure all services propagate trace headers.

4) Where are container logs?

Under Log Stream and /home/LogFiles via Kudu.

5) Can I push custom metrics?

Yes via SDKs or OpenTelemetry exporters.

6) How to set alerts?

Create alert rules on metrics/log queries in Azure Monitor.

7) How to debug cold starts?

Use Always On and pre‑warming; review startup logs and dependency initialization.

8) Can I export logs to Sentinel?

Yes, via Diagnostic Settings to Log Analytics and Sentinel.

9) How to track deployments?

Use deployment annotations in App Insights and GitHub Actions outputs.

10) Where to see quota/throttling?

Metrics: CPU, memory, connections, HTTP queue length, and storage; scale accordingly.

```

Pricing Tiers & Sizing

App Service tiers range from Free/Shared to Basic/Standard/Premium/Isolated. Choose based on SLA, performance, VNet support, and features like staging slots and scaling needs.

Keypoints — Pricing

Dev/test: Free/Shared/Basic; Production: Standard/Premium; Regulated/isolated: Isolated.
Premium adds better performance, scaling limits, and VNet features.
Isolated isolates to a dedicated environment (ASE v3) for strict compliance.
Right‑size by load testing; monitor and adjust regularly.
Use Reserved Instances and Savings Plans to reduce cost.

```

FAQs — Pricing (10)

1) Which tier includes staging slots?

Standard and above include slots; Premium offers more slots and better performance.

2) Do Free/Shared have SLAs?

No; use Standard or higher for production‑grade SLAs.

3) Does Premium support VNet Integration?

Yes, Premium supports networking features required by enterprises.

4) When do I need Isolated?

When you need a dedicated environment (ASE) for compliance or extreme scale.

5) How many instances can I scale to?

Depends on tier; Premium allows more instances and higher limits.

6) Is Linux cheaper?

Often more cost‑effective for certain workloads; evaluate by testing.

7) How to reduce cold starts?

Use Always On and warm‑up settings; Premium improves startup performance.

8) Can I mix languages in one plan?

Yes, different apps in the same plan can use different runtimes.

9) Are containers more expensive?

Not necessarily; depends on instance size and build complexity.

10) How do I estimate cost?

Use the pricing calculator and monitor actual usage with cost alerts.

```

End‑to‑End Example: Multi‑Language Microservices on One Plan

Imagine one App Service plan hosting three apps: a .NET 8 API, a Node 20 API, and a Python FastAPI service. All share the same plan capacity while remaining isolated at the app level. You can front them with Azure Front Door, secure with Azure API Management, and operate with a single CI/CD umbrella.

```

PowerShell — Quick Post‑Deployment Validation

Connect-AzAccount
```

$rg = "prod-microservices"
$apps = @("api-dotnet","api-node","svc-python")
$apps | ForEach-Object {
$a = Get-AzWebApp -ResourceGroupName $rg -Name $_
"{0}  -  State:{1}  HTTPS:{2}  AlwaysOn:{3}  Host:{4}" -f $_, $a.State, $a.HttpsOnly, $a.SiteConfig.AlwaysOn, ($a.DefaultHostName)
}

```

FAQs — Architecture (10)

1) Can apps in the same plan communicate privately?

Yes via private networking (VNet) and internal endpoints/APIM; avoid hard‑coding localhost assumptions.

2) How to rate‑limit across languages?

Use API Management policies or Front Door rules.

3) How to share code?

Use internal packages, shared libraries, or common contracts; avoid tight coupling.

4) How to share secrets?

Use Key Vault with separate secrets and RBAC per app identity.

5) Are there cross‑language tracing standards?

Yes, OpenTelemetry; export to App Insights or other backends.

6) How to do schema evolution?

Use versioned APIs and backward‑compatible changes; APIM can route versions.

7) Can I do multi‑region active‑active?

Yes with Front Door and health probes; replicate stateful backends appropriately.

8) How to handle long‑running tasks?

Offload to queues/Functions or background worker apps.

9) What about websocket fan‑out?

Use Azure Web PubSub or SignalR Service for scalable websockets.

10) How to enforce org‑wide standards?

Use Bicep/Terraform modules, policy, and templates across languages.

```

Bonus Add‑Ons to Elevate Your App Service

Azure Key Vault for secret management with Managed Identity.
Staging slots for zero‑downtime deployments.
Native integrations with Azure SQL, Cosmos DB, and Storage Accounts.
Kudu for advanced diagnostics and custom deployment scripts.
Compatibility across Linux and Windows App Service plans.

Cloud Knowledge