Enable diagnostics logging for your Azure App Service, covering both application logging and web server logging. It is crucial for monitoring and diagnostics.
Azure Resource Graph query:
// cannot-be-validated-with-arg

Monitor Performance
Impact: High
Category: Monitoring and Alerting
APRL GUID: a7e8bb3d-8ceb-442d-b26f-007cd63f9ffc
Description:
Use Application Insights to monitor app performance and load behavior, offering real-time insights, issue diagnosis, and root-cause analysis. It supports ASP.NET, ASP.NET Core, Java, and Node.js on Azure App Service, now with built-in monitoring.
Azure Resource Graph query:
// cannot-be-validated-with-arg

Separate web apps from web APIs
Impact: Low
Category: Scalability
APRL GUID: 78a5c033-ff51-4332-8a71-83464c34494b
Description:
If your solution includes both a web front end and a web API, deploy them as separate App Service apps. This decomposes the solution by workload and allows each part to scale independently. Initially, you can deploy both in the same plan and separate them when independent scaling becomes necessary.
Azure Resource Graph query:
// cannot-be-validated-with-arg

Create a separate storage account for logs
Impact: Medium
Category: Scalability
APRL GUID: 3f9ddb59-0bb3-4acb-9c9b-99aa1776f0ab
Description:
Create a separate storage account for logs instead of using the same one as application data. This prevents logging activity from reducing application performance, because the resources dedicated to handling application data are not burdened by logging processes.
Azure Resource Graph query:
// cannot-be-validated-with-arg

Deploy to a staging slot
Impact: Low
Category: Governance
APRL GUID: a1d91661-32d4-430b-b3b6-5adeb0975df7
Description:
Create a deployment slot for staging so you can deploy updates, verify them, and ensure all instances are warmed up before the production swap, reducing the chance of a bad update. A last-known-good (LKG) slot allows easy rollback to a previous good deployment if issues arise later, enhancing reliability.
Use app settings for configuration and define them in Resource Manager templates or via PowerShell so that they become part of an automated deployment/update process, improving reliability.
Azure Resource Graph query:
// Azure Resource Graph Query
// Provides a list of Azure App Service resources that don't have App Settings configured
appserviceresources
| where type == "microsoft.web/sites/config"
// AppSettings is true when properties.AppSettings is empty, i.e. not configured
| extend AppSettings = iif(isempty(properties.AppSettings), true, false)
| where AppSettings == true
| project recommendationId="0b80b67c-afbe-4988-ad58-a85a146b681e", id, name, tags="", param1="AppSettings is not configured"

Enable Health check for App Services
Impact: High
Category: Other Best Practices
APRL GUID: fd049c28-ae6d-48f0-a641-cc3ba1a3fe1d
Description:
Use Health Check for production workloads. Health check increases your application's availability by rerouting requests away from unhealthy instances, and replacing instances if they remain unhealthy. The Health check path should check critical components of your application.
Azure Resource Graph query:
// Azure Resource Graph Query
// Check if Health Check is enabled for App Service
resources
| where type =~ 'microsoft.web/sites'
| where properties.kind has 'app'
| join kind=inner (appserviceresources
    | where isnull(properties.HealthCheckPath) == true
    | project name) on name
| project recommendationId="fd049c28-ae6d-48f0-a641-cc3ba1a3fe1d", name, id, tags, param1="Healthcheckpath = not set"

Configure network access restrictions
Impact: Medium
Category: Governance
APRL GUID: aab6b4a4-9981-43a4-8728-35c7ecbb746d
Description:
Use network access restrictions to define a priority-ordered allow/deny list that controls network access to your app. Web application firewalls, such as the one available in Application Gateway, are recommended for protection of public-facing web applications.
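How a priority-ordered allow/deny list resolves a request, and how a misordered rule becomes dead, shown as an added example (not part of the APRL page or any Azure SDK). The `Rule` type, the rule names and the sample ranges are constructed; the model assumes the lowest priority number is evaluated first, the first match wins, and unmatched traffic is denied once any rule exists.

```python
import ipaddress
from dataclasses import dataclass


@dataclass(frozen=True)
class Rule:
    name: str
    priority: int  # assumption: lower number is evaluated first
    action: str    # "Allow" or "Deny"
    cidr: str


def evaluate(rules, source_ip):
    """Return (action, rule_name) for source_ip; first match in priority order wins."""
    if not rules:
        return ("Allow", "no-rules")  # assumption: an empty list leaves the app open
    addr = ipaddress.ip_address(source_ip)
    for rule in sorted(rules, key=lambda r: r.priority):
        if addr in ipaddress.ip_network(rule.cidr):
            return (rule.action, rule.name)
    return ("Deny", "implicit-deny-all")  # assumption: unmatched traffic is denied


def shadowed(rules):
    """Return (rule, covering_rule) pairs where an earlier rule covers the whole range."""
    ordered = sorted(rules, key=lambda r: r.priority)
    found = []
    for i, later in enumerate(ordered):
        later_net = ipaddress.ip_network(later.cidr)
        for earlier in ordered[:i]:
            earlier_net = ipaddress.ip_network(earlier.cidr)
            # subnet_of() raises TypeError across IP versions, so compare versions first
            if later_net.version == earlier_net.version and later_net.subnet_of(earlier_net):
                found.append((later.name, earlier.name))
                break
    return found


# Constructed sample rule set using documentation address ranges.
RULES = [
    Rule("allow-office", 100, "Allow", "203.0.113.0/24"),
    Rule("deny-kiosk", 200, "Deny", "203.0.113.50/32"),  # never reached: covered by allow-office
    Rule("allow-gateway", 300, "Allow", "198.51.100.10/32"),
]

if __name__ == "__main__":
    for ip in ("203.0.113.50", "198.51.100.10", "192.0.2.1"):
        print(ip, evaluate(RULES, ip))
    print("shadowed:", shadowed(RULES))
```

Giving `deny-kiosk` a priority below 100 makes the deny effective; `shadowed()` is a quick lint for that kind of ordering mistake before the list is deployed.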
App Service should be configured with a minimum of two instances for production workloads. If apps have a longer warmup time, a minimum of three instances should be used.
Azure Resource Graph query:
// Azure Resource Graph Query
// Provides a list of App services that do not have minimum instance count of 2
resources
| where type =~ 'microsoft.web/sites'
| where properties.kind has 'app'
| join kind=inner (appserviceresources
    | where properties.PreWarmedInstanceCount < 2
    | project name) on name
| project recommendationId="9e6682ac-31bc-4635-9959-ab74b52454e6", name, id, tags, param1="PreWarmedInstanceCount is less than 2"

Enable auto heal for Functions App
Impact: Low
Category: High Availability
APRL GUID: c6c4b962-5af4-447a-9d74-7b9c53a5dff5
Description:
Auto Heal lets you mitigate problems when your app runs into unexpected situations such as HTTP server errors or resource exhaustion. You can configure different triggers based on your needs and choose to recycle the app to recover it from a bad state.
Add a warmup trigger to pre-load custom dependencies during the pre-warming process so that your functions are ready to start processing requests immediately.
Azure Resource Graph query:
// cannot-be-validated-with-arg

Ensure unique hostid set for Function App
Impact: Low
Category: Governance
APRL GUID: 0b06a688-0dd6-4d73-9f72-6666ff853ca9
Description:
A host ID must be between 1 and 32 characters, contain only lowercase letters, numbers, and dashes, not start or end with a dash, and not contain consecutive dashes. The host ID value should be unique for all apps/slots you're running.
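Because this recommendation has no Azure Resource Graph query, the host ID rules above can be checked offline against an exported inventory. The following is an added example, not part of the APRL page: the function names and the inventory mapping (app or slot name to host ID) are constructed for illustration.

```python
import re
from collections import defaultdict


def host_id_problems(host_id):
    """Return the list of format rules that host_id violates (empty list = valid)."""
    problems = []
    if not 1 <= len(host_id) <= 32:
        problems.append("length must be between 1 and 32 characters")
    if re.search(r"[^a-z0-9-]", host_id):
        problems.append("only lowercase letters, numbers and dashes are allowed")
    if host_id.startswith("-") or host_id.endswith("-"):
        problems.append("must not start or end with a dash")
    if "--" in host_id:
        problems.append("must not contain consecutive dashes")
    return problems


def audit(host_ids):
    """host_ids maps app/slot name -> host ID. Returns (invalid, duplicates)."""
    invalid = {}
    by_id = defaultdict(list)
    for app, host_id in host_ids.items():
        problems = host_id_problems(host_id)
        if problems:
            invalid[app] = problems
        by_id[host_id].append(app)
    # A host ID shared by more than one app or slot breaks the uniqueness requirement.
    duplicates = {hid: sorted(apps) for hid, apps in by_id.items() if len(apps) > 1}
    return invalid, duplicates


# Constructed sample inventory; names and values are illustrative only.
INVENTORY = {
    "orders-func": "orders-func",
    "orders-func/staging": "orders-func",              # same ID as the production slot
    "billing": "Billing-Func",                         # uppercase letters
    "reports": "reports--func",                        # consecutive dashes
    "edge": "-edge-ingest-function-app-westeurope-01",  # leading dash, 39 characters
}

if __name__ == "__main__":
    invalid, duplicates = audit(INVENTORY)
    print("invalid:", invalid)
    print("duplicates:", duplicates)
```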
Azure Resource Graph query:
// cannot-be-validated-with-arg

Ensure Function App runs a supported version
Impact: Medium
Category: Governance
APRL GUID: c9a278b7-024b-454b-bd54-41587c512b74
Description:
As of December 13, 2022, function apps running on versions 2.x and 3.x of the Azure Functions runtime have reached the end of life (EOL) of extended support. We highly recommend migrating your function apps to version 4.x of the Functions runtime.
Azure Resource Graph query:
// cannot-be-validated-with-arg

Ensure FUNCTIONS_WORKER_RUNTIME is set properly
Impact: Medium
Category: Governance
APRL GUID: 7c608f46-46b2-4cc0-bbd6-1d457c16671c
Description:
The FUNCTIONS_WORKER_RUNTIME setting in the Function App configuration should be set to the appropriate value based on the language you are using. This setting is used to determine the language worker that will be used to execute your functions.