Blog Post

Apps on Azure Blog
2 MIN READ

Deploy secure App Service resources to prevent dangling DNS entries and avoid subdomain takeover

YutangLin's avatar
YutangLin
Icon for Microsoft rankMicrosoft
Nov 18, 2024

Announcing the General Availability of secure unique default hostnames on App Service Web Apps and Public Preview on Functions!

Back in May 2024, we announced the Public Preview of Secure Unique Default Hostnames on Web Apps. We are excited to announce that this feature is now in General Availability on Web Apps and is now in Public Preview for Functions! This feature works similarly for both Web Apps and Functions, so you can refer to the Public Preview announcement for more in-depth information regarding this feature.   

Secure unique default hostname feature is a long-term solution to protect your resources from dangling DNS entries and subdomain takeover. If you have this feature enabled for your App Service resources, then no one outside of your organization would be able to recreate resources with the same default hostname. This means that malicious actors can no longer take advantage of your dangling DNS entries and takeover your subdomains. We highly encourage everyone to enable secure unique default hostnames on their net-new App Service deployments.  

Addressing pre-existing resources without secure unique default hostnames enabled 

Since this feature can only be enabled upon resource creation, if you’d like to use this feature for your pre-existing resources, you can:  

  • Clone a pre-existing app to a new app with secure unique default hostname enabled

    • Screenshot of cloning pre-existing app to an app that's about to be created with secure unique default hostname enabled.

  • Use a backup of a pre-existing app to restore to a new app with secure unique default hostname enabled

    • Screenshot of using a backup of a pre-existing app to restore to an app that's about to be created with secure unique default hostname enabled.

Looking ahead 

We highly encourage everyone to enable secure unique default hostnames on all net-new App Service deployments. This is the time to integrate and to adopt this feature to your testing and production environments so that you can build more secure App Service resources to prevent dangling DNS entries and avoid subdomain takeover. 

Keep an eye out for future announcements where we will launch secure unique default hostnames in Public Preview for Logic Apps (Standard)! 

Updated Nov 18, 2024
Version 1.0
azure app service
azure functions
best practices
microsoft ignite 2024
modern apps
serverless
updates
web apps
No CommentsBe the first to comment