Web App microsoft.web/sites Azure Resource type

Resource provider (RP) - Microsoft Web Apps [Microsoft.Web]
RP	Microsoft.Web
RP display name	Microsoft Web Apps
RP Resource types	Resource types: 364
RP aliases	RP aliases: 2934
RP Azure Policy	Azure Policy definitions: 204 • if: 204 • then.deployment: 28 • then.details: 0 • then.existenceCondition: 4 • then.operations: 0
RP RBAC operations	RP RBAC operations: 649 • RP RBAC operationType action: 169 • RP RBAC operationType Delete: 86 • RP RBAC operationType Read: 295 • RP RBAC operationType Write: 99
RP RBAC Roles & Operation actions	Unique RBAC Roles: 29 • RBAC Roles with action operationType: 14 • RBAC Roles with Delete operationType: 10 • RBAC Roles with Read operationType: 28 • RBAC Roles with Write operationType: 11
RP related 1st party Service Principals	RP related 1st party Service Principals: 1 • Microsoft Azure App Service (appId: abfa0a7c-a6b6-4736-8310-5855508787cd) [ JSON;CSV]
All Azure RPs	• Microsoft Learn • AzResourceTypesAdvertizer (Microsoft only)

Resource type (RT) - Web App [microsoft.web/sites]

RT information
RT	microsoft.web/sites
RT display name	Web App
RT type only (without RP)	sites
RT sub- Resource types	sub-Resource types: 208
RT schema	RT schema API versions: 18 • 2024-04-01 • 2023-12-01 • 2023-01-01 • 2022-09-01 • 2022-03-01 • 2021-03-01 • 2021-02-01 • 2021-01-15 • 2021-01-01 • 2020-12-01 • 2020-10-01 • 2020-09-01 • 2020-06-01 • 2019-08-01 • 2018-11-01 • 2018-02-01 • 2016-08-01 • 2015-08-01
All Microsoft Azure RTs	AzResourceTypesAdvertizer

Aliases and Azure Policy
Aliases	aliases: 369
Azure Policy	Azure Policy definitions: 135 • if: 135 • then.deployment: 5 • then.details: 0 • then.existenceCondition: 0 • then.operations: 0

RBAC Operations and Roles & Roles related operation actions
RBAC operations	RBAC operations: 34 • RBAC operationType Action: 31 • RBAC operationType Delete: 1 • RBAC operationType Read: 1 • RBAC operationType Write: 1
RBAC Roles & Operation actions	Unique RBAC Roles: 24 • RBAC Roles with Action operationType: 6 • RBAC Roles with Delete operationType: 6 • RBAC Roles with Read operationType: 23 • RBAC Roles with Write operationType: 7

Capabilities & Locations
Diagnostic logs	True log-categories
Diagnostic metrics	True metrics
Customer-managed key (CMK) [experimental]	Unknown • Enforce Encryption with a customer-managed key (CMK) at scale
System-Assigned-Resource-Identity	True
Cross-ResourceGroup-Resource-Move	True
Cross-Subscription-Resource-Move	True
Tags	True
Extension	False
Private-Endpoint	True
Supported Locations for Private-Endpoint	Supported Locations for Private-Endpoint: 44 australiacentral, australiaeast, australiasoutheast, brazilsouth, canadacentral, canadaeast, centralindia, centralus, eastasia, eastus, eastus2, francecentral, germanywestcentral, indonesiacentral, israelcentral, italynorth, japaneast, japanwest, jioindiawest, koreacentral, koreasouth, mexicocentral, newzealandnorth, northcentralus, northeurope, norwayeast, polandcentral, qatarcentral, southafricanorth, southcentralus, southeastasia, southindia, spaincentral, swedencentral, switzerlandnorth, uaenorth, uksouth, ukwest, westcentralus, westeurope, westindia, westus, westus2, westus3
Non supported Locations for Private-Endpoint	Non supported Locations for Private-Endpoint: 14 brazilus, eastusstg, centraluseuap, eastus2euap, southcentralusstg, southafricawest, australiacentral2, jioindiacentral, francesouth, germanynorth, norwaywest, switzerlandwest, uaecentral, brazilsoutheast
Location	True
Locations	Locations: 43 australiacentral, australiaeast, australiasoutheast, brazilsouth, canadacentral, canadaeast, centralindia, centralus, eastasia, eastus, eastus2, francecentral, germanywestcentral, indonesiacentral, israelcentral, italynorth, japaneast, japanwest, koreacentral, koreasouth, mexicocentral, newzealandnorth, northcentralus, northeurope, norwayeast, polandcentral, qatarcentral, southafricanorth, southcentralus, southeastasia, southindia, spaincentral, swedencentral, switzerlandnorth, uaenorth, uksouth, ukwest, westcentralus, westeurope, westindia, westus, westus2, westus3
Not locations	Not locations: 54 asia, asiapacific, australia, australiacentral2, brazil, brazilsoutheast, brazilus, canada, centraluseuap, centralusstage, eastasiastage, eastus2euap, eastus2stage, eastusstage, eastusstg, europe, france, francesouth, germany, germanynorth, global, india, indonesia, israel, italy, japan, jioindiacentral, jioindiawest, korea, mexico, newzealand, northcentralusstage, norway, norwaywest, poland, qatar, singapore, southafrica, southafricawest, southcentralusstage, southcentralusstg, southeastasiastage, spain, sweden, switzerland, switzerlandwest, taiwan, uae, uaecentral, uk, unitedstates, unitedstateseuap, westus2stage, westusstage

Assessment tooling
Azure Advisor	Azure Advisor recommendations: 46 • Cost [Medium] Right-size underutilized App Service plans • Cost [Medium] Unused/Empty App Service plan • HighAvailability [High] Check your app's service health issues • HighAvailability [High] Fix application code, a worker process crashed due to an unhandled exception • HighAvailability [High] Fix the backup database settings of your App Service resource • HighAvailability [High] Fix the backup storage settings of your App Service resource • HighAvailability [High] Move your App Service resource to Standard or higher and use deployment slots • HighAvailability [High] Scale out your App Service plan to avoid CPU exhaustion • HighAvailability [High] Scale up your App Service plan SKU to avoid memory problems • HighAvailability [High] Upgrade your App Service to a Standard plan to avoid request rejects • HighAvailability [High] Use deployment slots for your App Service resource • HighAvailability [Low] CX Observer Personalized Recommendation • HighAvailability [Medium] Consider changing your application architecture to 64-bit • OperationalExcellence [Low] Set up staging environments in Azure App Service • OperationalExcellence [Low] Update Service Connector API Version • OperationalExcellence [Low] Update Service Connector SDK to the latest version • Performance [High] Check outbound connections from your App Service resource • Performance [High] Upgrade to the Premium V3 App Service tier • Security [High] FTPS should be required in API apps • Security [High] FTPS should be required in function apps • Security [High] FTPS should be required in web apps • Security [High] Function apps should have vulnerability findings resolved • Security [High] Overly permissive permissions should not be configured on Function App or Web App • Security [High] TLS should be updated to the latest version for API apps • Security [High] TLS should be updated to the latest version for function apps • Security [High] TLS should be updated to the latest version for web apps • Security [Low] CORS should not allow every resource to access API Apps • Security [Low] CORS should not allow every resource to access Function Apps • Security [Low] CORS should not allow every resource to access Web Applications • Security [Low] Remote debugging should be turned off for API App • Security [Low] Remote debugging should be turned off for Function App • Security [Low] Remote debugging should be turned off for Web Applications • Security [Low] Unused discovered API endpoints should be disabled and removed from Azure App Services. • Security [Medium] API App should only be accessible over HTTPS • Security [Medium] Diagnostic logs in App Service should be enabled • Security [Medium] Ensure API app has Client Certificates Incoming client certificates set to On • Security [Medium] Function App should only be accessible over HTTPS • Security [Medium] Function apps should have Client Certificates (Incoming client certificates) enabled • Security [Medium] Java should be updated to the latest version for API apps • Security [Medium] Managed identity should be enabled on function apps • Security [Medium] Managed identity should be enabled on web apps • Security [Medium] Managed identity should be used in API apps • Security [Medium] PHP should be updated to the latest version for API apps • Security [Medium] Python should be updated to the latest version for API apps • Security [Medium] Web Application should only be accessible over HTTPS • Security [Medium] Web apps should request an SSL certificate for all incoming requests
Azure Proactive Resilience Library v2 (APRLv2)	Azure Proactive Resilience Library v2 recommendations: 12 • HighAvailability [Low] Enable auto heal for Functions App • MonitoringAndAlerting [High] Monitor Performance • MonitoringAndAlerting [Low] Enable diagnostics logging • MonitoringAndAlerting [Medium] No warmup trigger added to Function App • OtherBestPractices [High] Enable Health check for App Services • OtherBestPractices [Low] Deploy to a staging slot • OtherBestPractices [Low] Ensure unique hostid set for Function App • OtherBestPractices [Medium] Store configuration as app settings for Web Sites • OtherBestPractices [Medium] Ensure Function App runs a supported version • OtherBestPractices [Medium] Ensure FUNCTIONS_WORKER_RUNTIME is set properly • Scalability [Low] Separate web apps from web APIs • Scalability [Medium] Create a separate storage account for logs
PSRule for Azure	PSRule for Azure rules: 13 • Performance Efficiency [Awareness] Disable Application Request Routing • Performance Efficiency [Awareness] Use HTTP/2 connections for App Service apps • Reliability [Important] Use App Service Always On • Reliability [Important] Web apps use a dedicated health probe path • Reliability [Important] Web apps use health probes • Security [Critical] App Service site allows insecure TLS versions • Security [Important] App Service allows unencrypted traffic • Security [Important] App Service apps uses a managed identity • Security [Important] Disable App Service remote debugging • Security [Important] Use a newer .NET version • Security [Important] Use a newer PHP runtime version • Security [Important] Use a supported Node.js runtime version • Security [Important] Web apps disable insecure FTP
Azure Quick Review (AZQR)	Azure Quick Review (AZQR) recommendations: 40 • Governance [Low] App Service Name should comply with naming conventions • Governance [Low] App Service should have tags • Governance [Low] Deploy to a staging slot • Governance [Low] Function Name should comply with naming conventions • Governance [Low] Function should have tags • Governance [Low] Logic App Name should comply with naming conventions • Governance [Low] Logic App should have tags • Governance [Medium] Configure network access restrictions • HighAvailability [Low] Enable auto heal for Functions App • HighAvailability [Medium] App Service should avoid using Client Affinity • HighAvailability [Medium] Function should avoid using Client Affinity • HighAvailability [Medium] Logic App should avoid using Client Affinity • MonitoringAndAlerting [Low] App Service should have diagnostic settings enabled • MonitoringAndAlerting [Low] Function should have diagnostic settings enabled • MonitoringAndAlerting [Low] Logic App should have diagnostic settings enabled • OtherBestPractices [High] Enable Health check for App Services • OtherBestPractices [Medium] Store configuration as app settings • Scalability [High] App Service should have Always On enabled • Security [High] App Service remote debugging should be disabled • Security [High] App Service should have private endpoints enabled • Security [High] App Service should not allow insecure FTP • Security [High] App Service should use HTTPS only • Security [High] App Service should use TLS 1.2 • Security [High] Function should have private endpoints enabled • Security [High] Function should use HTTPS only • Security [High] Logic App should have private endpoints enabled • Security [High] Logic App should use HTTPS only • Security [Medium] App Service should have VNET Route all enabled for VNET integration • Security [Medium] App Service should use Managed Identities • Security [Medium] App Service should use VNET integration • Security [Medium] Function remote debugging should be disabled • Security [Medium] Function should have VNET Route all enabled for VNET integration • Security [Medium] Function should use Managed Identities • Security [Medium] Function should use TLS 1.2 • Security [Medium] Function should use VNET integration • Security [Medium] Logic App remote debugging should be disabled • Security [Medium] Logic App should have VNET Route all enabled for VNET integration • Security [Medium] Logic App should use Managed Identities • Security [Medium] Logic App should use TLS 1.2 • Security [Medium] Logic App should use VNET integration

Infrastructure as Code (IaC)
ARM (Azure Resource Manager) templates	ARM (Azure Resource Manager) template API versions: 18 • latest • 2024-04-01 • 2023-12-01 • 2023-01-01 • 2022-09-01 • 2022-03-01 • 2021-03-01 • 2021-02-01 • 2021-01-15 • 2021-01-01 • 2020-12-01 • 2020-10-01 • 2020-09-01 • 2020-06-01 • 2019-08-01 • 2018-11-01 • 2018-02-01 • 2016-08-01 • 2015-08-01
Bicep templates	Bicep template API versions: 18 • latest • 2024-04-01 • 2023-12-01 • 2023-01-01 • 2022-09-01 • 2022-03-01 • 2021-03-01 • 2021-02-01 • 2021-01-15 • 2021-01-01 • 2020-12-01 • 2020-10-01 • 2020-09-01 • 2020-06-01 • 2019-08-01 • 2018-11-01 • 2018-02-01 • 2016-08-01 • 2015-08-01
Terraform provider	Terraform providers: 11 • app_service • app_service_source_control • function_app • function_app_active_slot • function_app_flex_consumption • linux_function_app • linux_web_app • logic_app_standard • web_app_active_slot • windows_function_app • windows_web_app
AzAPI Terraform templates	AzAPI Terraform template API versions: 18 • latest • 2024-04-01 • 2023-12-01 • 2023-01-01 • 2022-09-01 • 2022-03-01 • 2021-03-01 • 2021-02-01 • 2021-01-15 • 2021-01-01 • 2020-12-01 • 2020-10-01 • 2020-09-01 • 2020-06-01 • 2019-08-01 • 2018-11-01 • 2018-02-01 • 2016-08-01 • 2015-08-01
Pulumi provider	Pulumi providers: 1 • web/webapp
OpenTofu provider	OpenTofu TF providers: 11 • app_service • app_service_source_control • function_app • function_app_active_slot • function_app_flex_consumption • linux_function_app • linux_web_app • logic_app_standard • web_app_active_slot • windows_function_app • windows_web_app
Azure Verified Modules (AVM) Bicep	Web/Function App
Azure Verified Modules (AVM) Terraform	• GitHub: Web/Function App • Terraform registry: Web/Function App

REST-API (Representational State Transfer - Application Programming Interface)
REST-API versions	REST-API versions: 34 • 2024-11-01 • 2024-04-01 • 2023-12-01 • 2023-01-01 • 2022-09-01 • 2022-03-01 • 2021-03-01 • 2021-02-01 • 2021-01-15 • 2021-01-01 • 2020-12-01 • 2020-10-01 • 2020-09-01 • 2020-06-01 • 2019-08-01 • 2018-11-01 • 2018-02-01 • 2017-08-01 • 2016-09-01 • 2016-08-01 • 2016-03-01 • 2015-11-01 • 2015-08-01-preview • 2015-08-01 • 2015-07-01 • 2015-06-01 • 2015-05-01 • 2015-04-01 • 2015-02-01 • 2015-01-01 • 2014-11-01 • 2014-06-01 • 2014-04-01-preview • 2014-04-01
REST-API version default	2024-04-01
API profiles	API profiles: 5 • 2018-02-01;2019-03-01-hybrid • 2018-02-01 • 2017-03-09-profile • 2016-08-01;2018-06-01-profile • 2016-08-01;2018-03-01-hybrid

Resource naming

Azure Naming Tool

The Azure Naming Tool was created to help administrators define and manage their naming conventions, while providing a simple interface for users to generate a compliant name.

Resource naming details

[
  {
    "property": "Static Web App",
    "ShortName": "stapp",
    "scope": "global",
    "lengthMin": "2",
    "lengthMax": "60",
    "validText": "Contains alphanumerics and hyphens.",
    "invalidText": "Can't start or end with hyphen.",
    "invalidCharacters": "",
    "invalidCharactersStart": "-",
    "invalidCharactersEnd": "-",
    "invalidCharactersConsecutive": "",
    "regx": "^[a-zA-Z0-9][a-zA-Z0-9-]{0,58}[a-zA-Z0-9]$",
    "staticValues": ""
  },
  {
    "property": "Web App",
    "ShortName": "app",
    "scope": "global",
    "lengthMin": "2",
    "lengthMax": "60",
    "validText": "Contains alphanumerics and hyphens.",
    "invalidText": "Can't start or end with hyphen.",
    "invalidCharacters": "",
    "invalidCharactersStart": "-",
    "invalidCharactersEnd": "-",
    "invalidCharactersConsecutive": "",
    "regx": "^[a-zA-Z0-9][a-zA-Z0-9-]{0,58}[a-zA-Z0-9]$",
    "staticValues": ""
  },
  {
    "property": "Function App",
    "ShortName": "func",
    "scope": "global",
    "lengthMin": "2",
    "lengthMax": "60",
    "validText": "Contains alphanumerics and hyphens.",
    "invalidText": "Can't start or end with hyphen.",
    "invalidCharacters": "",
    "invalidCharactersStart": "-",
    "invalidCharactersEnd": "-",
    "invalidCharactersConsecutive": "",
    "regx": "^[a-zA-Z0-9][a-zA-Z0-9-]{0,58}[a-zA-Z0-9]$",
    "staticValues": ""
  },
  {
    "property": "App Service Environment",
    "ShortName": "ase",
    "scope": "global",
    "lengthMin": "2",
    "lengthMax": "60",
    "validText": "Contains alphanumerics and hyphens.",
    "invalidText": "Can't start or end with hyphen.",
    "invalidCharacters": "",
    "invalidCharactersStart": "-",
    "invalidCharactersEnd": "-",
    "invalidCharactersConsecutive": "",
    "regx": "^[a-zA-Z0-9][a-zA-Z0-9-]{0,58}[a-zA-Z0-9]$",
    "staticValues": ""
  },
  {
    "property": "Azure Static Web Apps",
    "ShortName": "aswba",
    "scope": "global",
    "lengthMin": "2",
    "lengthMax": "60",
    "validText": "Contains alphanumerics and hyphens.",
    "invalidText": "Can't start or end with hyphen.",
    "invalidCharacters": "",
    "invalidCharactersStart": "-",
    "invalidCharactersEnd": "-",
    "invalidCharactersConsecutive": "",
    "regx": "^[a-zA-Z0-9][a-zA-Z0-9-]{0,58}[a-zA-Z0-9]$",
    "staticValues": ""
  }
]

AzResourceTypeAdvertizer

Web App - Microsoft Azure Resource type
microsoft.web/sites

Web App - Microsoft Azure Resource typemicrosoft.web/sites

Web App - Microsoft Azure Resource type
microsoft.web/sites