We are excited to announce that Secure Unique Default Hostnames are now generally available for Azure Functions and Logic Apps, expanding this security enhancement across the full App Service ecosystem.
We are pleased to announce that Secure Unique Default Hostnames are now generally available (GA) for Azure Functions and Logic Apps (Standard). This expands the security model previously available for Web Apps to the entire App Service ecosystem and provides customers with stronger, more secure, and standardized hostname behavior across all workloads.
Why This Feature Matters
Historically, App Service resources have used default hostname format such as:
<SiteName>.azurewebsites.net
While straightforward, this pattern introduced potential security risks, particularly in scenarios where DNS records were left behind after deleting a resource. In those situations, a different user could create a new resource with the same name and unintentionally receive traffic or bindings associated with the old DNS configuration, creating opportunities for issues such as subdomain takeover.
Secure Unique Default Hostnames address this by assigning a unique, randomized, region‑scoped hostname to each resource, for example:
<SiteName>-<Hash>.<Region>.azurewebsites.net
This change ensures that:
- No other customer can recreate the same default hostname.
- Apps inherently avoid risks associated with dangling DNS entries.
- Customers gain a more secure, reliable baseline behavior across App Service.
Adopting this model now helps organizations prepare for the long‑term direction of the platform while improving security posture today.
What’s New: GA Support for Functions and Logic Apps
With this release, both Azure Functions and Logic Apps (Standard) fully support the Secure Unique Default Hostname capability. This brings these services in line with Web Apps and ensures customers across all App Service workloads benefit from the same secure and consistent default hostname model.
Azure CLI Support
The Azure CLI for Web Apps and Function Apps now includes support for the “--domain-name-scope” parameter. This allows customers to explicitly specify the scope used when generating a unique default hostname during resource creation.
Examples:
az webapp create --domain-name-scope {NoReuse, ResourceGroupReuse, SubscriptionReuse, TenantReuse}
az functionapp create --domain-name-scope {NoReuse, ResourceGroupReuse, SubscriptionReuse, TenantReuse}
Including this parameter ensures that deployments consistently use the intended hostname scope and helps teams prepare their automation and provisioning workflows for the secure unique default hostname model.
Why Customers Should Adopt This Now
While existing resources will continue to function normally, customers are strongly encouraged to adopt Secure Unique Default Hostnames for all new deployments. Early adoption provides several important benefits:
- A significantly stronger security posture.
- Protection against dangling DNS and subdomain takeover scenarios.
- Consistent default hostname behavior as the platform evolves.
- Alignment with recommended deployment practices and modern DNS hygiene.
This feature represents the current best practice for hostname management on App Service and adopting it now helps ensure that new deployments follow the most secure and consistent model available.
Recommended Next Steps
- Enable Secure Unique Default Hostnames for all new Web Apps, Function Apps, and Logic Apps.
- Update automation and CLI scripts to include the --domain-name-scope parameter when creating new resources.
- Begin updating internal documentation and operational processes to reflect the new hostname pattern.
Additional Resources
For readers who want to explore the technical background and earlier announcements in more detail, the following articles offer deeper coverage of unique default hostnames:
Public Preview: Creating Web App with a Unique Default Hostname
This article introduces the foundational concepts behind unique default hostnames. It explains why the feature was created, how the hostname format works, and provides examples and guidance for enabling the feature when creating new resources.
Secure Unique Default Hostnames: GA on App Service Web Apps and Public Preview on Functions
This article provides the initial GA announcement for Web Apps and early preview details for Functions. It covers the security benefits, recommended usage patterns, and guidance on how to handle existing resources that were created without unique default hostnames.
Conclusion
Secure Unique Default Hostnames now provide a more secure and consistent default hostname model across Web Apps, Function Apps, and Logic Apps. This enhancement reduces DNS‑related risks and strengthens application security, and organizations are encouraged to adopt this feature as the standard for new deployments.
Microsoft