Announcing App Service Multi-plan subnet join

Microsoft

Nov 02, 2023

Virtual network integration in App Service requires one subnet per App Service plan integration today. If you are working with many App Service plans, managing the subnets can be an unnecessary administrative task. Therefore, I am happy to announce that as of November 1, 2024, multi plan subnet join (MPSJ) is generally available in all public regions.

MPSJ reduces subnet sprawl when dealing with many apps across many plans and simplifies management of networking control such as Network Security Groups and Route tables across App Service plans.

A subnet used for MPSJ must have an address space of at least /26 (64 addresses). With MPSJ you can join a virtual network/subnet in a different subscription, but all App Service plans joining a specific subnet must be in the same subscription.

You may still want to use individual subnets if you plan to differentiate on Network Security Group configuration, NAT gateway or other subnet specific configurations.

When using MPSJ you will need to pay extra attention to the subnet size. Each instance from each App Service plan requires one IP address. When scaling up/down, the IP address requirement is still doubled for that specific plan, and when scaling in it may take some time before the IP addresses are released. There is no limit on the number of App Service plans you can join with a single subnet, but you will be limited by the number of available IPs.

In addition to the Azure portal, you can also use the Azure CLI or ARM to enable the feature. To connect using CLI you need the Azure Resource Id of the subnet:

az resource update --name <app-name> --resource-type "Microsoft.Web/sites" --resource-group <resource-group-name> --set properties.virtualNetworkSubnetId="/subscriptions/<subcription-id>/resourceGroups/<resource-group-name>/providers/Microsoft.Network/virtualNetworks/<virtual-network-name>/subnets/<subnet-name>"

Azure portal enables virtual network routing of application outbound internet traffic by default, but if you are joining using CLI, you either have to go to the Azure portal afterwards to configure that or you can run this script:

az resource update --name <app-name> --resource-type "Microsoft.Web/sites" --resource-group <resource-group-name> --set properties.vnetRouteAllEnabled=true

Questions/Feedback

If you have any questions or feedback, please leave a comment below.

Updated Oct 28, 2024

Version 10.0

azure app service

jordanselig

Microsoft

Joined October 14, 2021

View Profile

Apps on Azure Blog

Follow this blog board to get notified when there's new activity

halfspace-knn
Copper Contributor
Jan 27, 2024
Any news on GA dates ?
jordanselig
Microsoft
Mar 05, 2024
halfspace-knn Targeting Q3 of this year.

denisaguilar Should be available in the next week or two. Appreciate the patience!
jordanselig
Microsoft
Apr 02, 2024
meps007 Happy to announce it's now available in West Europe, feel free to test it out. I'll get the list in this post updated shortly.
jordanselig
Microsoft
Apr 29, 2024
davidkarlsen We now support all public Azure regions that App Service is available in, which includes both Norway East and West.
SNeal205
Copper Contributor
Jun 21, 2024
Any more recent updates on GA for this? Just looking at creating a bunch of new ASP's within an existing platform and this feature would be super useful.
jordanselig
Microsoft
Jul 08, 2024
SNeal205 GA is still a couple weeks out at this point unfortunately. Still pending the deployment our latest platform release. Will keep this forum updated as that progresses.
chiuho
Microsoft
Aug 05, 2024
Checked the document it is still in preview.
Integrate your app with an Azure virtual network - Azure App Service | Microsoft Learn

Any update on the GA schedule? Thank you.
Nofit64
Copper Contributor
Oct 14, 2024
chiuho jordanselig
Feature is indeed still in preview. We are really waiting for this feature to go into GA because of SLA requirements. Is there a more precised date on when this is going into GA?

Thanks in advance,

Nofit
jordanselig
Microsoft
Oct 23, 2024
JurajPetras It works with slots. Did you also try the portal or only CLI? If you want to use the CLI command for the integration with a slot, use the --ids parameter to specify the slot rather than the name/resource type/resource group params. Those get tricky with slots and I need to look into how to get that working. You can do something like this instead:

az resource update --ids /subscriptions/<sub-id>/resourceGroups/<rg-name>/providers/Microsoft.Web/sites/<site-name>/slots/<slot-name> --set properties.virtualNetworkSubnetId="/subscriptions/<sub-id>/resourceGroups/<rg-name>/providers/Microsoft.Network/virtualNetworks/<vnet-name>/subnets/<subnet-name>"
jordanselig
Microsoft
Oct 23, 2024
Latest update: GA is expected by end of month.

We are rolling out the final fixes to the remaining regions and once deployed everywhere, we will announce GA. Thank you all of the patience.

Blog Post

Announcing App Service Multi-plan subnet join

Questions/Feedback

Share