Generally available: Enhanced network security features for App Service Basic SKU

Published Apr 14 2022 09:25 AM 3,902 Views
Microsoft
App Service now supports VNet integration (outbound) and private endpoints (inbound) all the way down to the Basic SKU. The App Service VNet integration feature enables your apps to access resources in or through a virtual network but doesn't grant inbound private access to your apps. For inbound access, you need private endpoints, which allow clients located in your private network to securely access your apps over Private Link, which eliminates exposure from the public internet.

 

With this update, you can use our lower-cost tiers and achieve the same level of security that you could previously only achieve with our high-end SKUs. Note that if you want to downgrade an existing App Service Plan and still use VNet integration, you need to be on the newer App Service footprint to ensure you’re App Service Plan supports VNet integration for Basic SKU. For more details, see the VNet integration limitations.
 

 

6 Comments
%3CLINGO-SUB%20id%3D%22lingo-sub-3285943%22%20slang%3D%22en-US%22%3EGenerally%20available%3A%20Enhanced%20network%20security%20features%20for%20App%20Service%20Basic%20SKU%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-3285943%22%20slang%3D%22en-US%22%3E%3CDIV%3E%3CSPAN%3EApp%20Service%20now%20supports%20%3C%2FSPAN%3E%3CA%20title%3D%22Integrate%20your%20app%20with%20an%20Azure%20virtual%20network%22%20href%3D%22https%3A%2F%2Fdocs.microsoft.com%2Fazure%2Fapp-service%2Foverview-vnet-integration%22%20target%3D%22_blank%22%20rel%3D%22noopener%20noreferrer%22%3E%3CSPAN%3EVNet%20integration%3C%2FSPAN%3E%3C%2FA%3E%3CSPAN%3E%26nbsp%3B(outbound)%20and%20%3C%2FSPAN%3E%3CA%20title%3D%22Using%20Private%20Endpoints%20for%20Azure%20Web%20App%22%20href%3D%22https%3A%2F%2Fdocs.microsoft.com%2Fazure%2Fapp-service%2Fnetworking%2Fprivate-endpoint%22%20target%3D%22_blank%22%20rel%3D%22noopener%20noreferrer%22%3E%3CSPAN%3Eprivate%20endpoints%3C%2FSPAN%3E%3C%2FA%3E%3CSPAN%3E%26nbsp%3B(inbound)%20all%20the%20way%20down%20to%20the%20%3C%2FSPAN%3E%3CA%20title%3D%22App%20Service%20pricing%22%20href%3D%22https%3A%2F%2Fazure.microsoft.com%2Fpricing%2Fdetails%2Fapp-service%2Flinux%2F%22%20target%3D%22_blank%22%20rel%3D%22noopener%20noreferrer%22%3E%3CSPAN%3EBasic%20SKU%3C%2FSPAN%3E%3C%2FA%3E%3CSPAN%3E.%20The%20App%20Service%20VNet%20integration%20feature%20enables%20your%20apps%20to%20access%20resources%20in%20or%20through%20a%20virtual%20network%20but%20doesn't%20grant%20inbound%20private%20access%20to%20your%20apps.%20For%20inbound%20access%2C%20you%20need%20private%20endpoints%2C%20which%20allow%20clients%20located%20in%20your%20private%20network%20to%20securely%20access%20your%20apps%20over%20Private%20Link%2C%20which%20eliminates%20exposure%20from%20the%20public%20internet.%3C%2FSPAN%3E%3C%2FDIV%3E%0A%3CP%3E%26nbsp%3B%3C%2FP%3E%0A%3CDIV%3E%3CSPAN%3E%3CSPAN%3EWith%20this%20update%2C%20you%20can%20use%20our%20lower-cost%20tiers%20and%20achieve%20the%20same%20level%20of%20security%20that%20you%20could%20previously%20only%20achieve%20with%20our%20high-end%20SKUs.%20Note%20that%20if%20you%20want%20to%20downgrade%20an%20existing%20App%20Service%20Plan%20and%20still%20use%20VNet%20integration%2C%26nbsp%3B%3C%2FSPAN%3E%3C%2FSPAN%3E%3CSPAN%3Eyou%20need%20to%20be%20on%20the%20newer%20App%20Service%20footprint%20to%20ensure%20you%E2%80%99re%20App%20Service%20Plan%20supports%20VNet%20integration%20for%20Basic%20SKU.%20For%20more%20details%2C%20see%20the%20VNet%20integration%26nbsp%3B%3C%2FSPAN%3E%3CA%20style%3D%22font-family%3A%20inherit%3B%20background-color%3A%20%23ffffff%3B%22%20title%3D%22Integrate%20your%20app%20with%20an%20Azure%20virtual%20network%22%20href%3D%22https%3A%2F%2Fdocs.microsoft.com%2Fazure%2Fapp-service%2Foverview-vnet-integration%23limitations%22%20target%3D%22_blank%22%20rel%3D%22noopener%20noreferrer%22%3Elimitations%3C%2FA%3E.%3C%2FDIV%3E%0A%3CDIV%3E%26nbsp%3B%3C%2FDIV%3E%0A%3CDIV%3E%3CSPAN%3ELearn%20how%20to%20%3CA%20title%3D%22Enable%20virtual%20network%20integration%20in%20Azure%20App%20Service%22%20href%3D%22https%3A%2F%2Fdocs.microsoft.com%2Fazure%2Fapp-service%2Fconfigure-vnet-integration-enable%22%20target%3D%22_blank%22%20rel%3D%22noopener%20noreferrer%22%3Eenable%20%3C%2FA%3E%3C%2FSPAN%3E%3CA%20title%3D%22Enable%20virtual%20network%20integration%20in%20Azure%20App%20Service%22%20href%3D%22https%3A%2F%2Fdocs.microsoft.com%2Fazure%2Fapp-service%2Fconfigure-vnet-integration-enable%22%20target%3D%22_blank%22%20rel%3D%22noopener%20noreferrer%22%3E%3CSPAN%3Evirtual%20network%20integration%3C%2FSPAN%3E%3C%2FA%3E%3CSPAN%3E.%3C%2FSPAN%3E%3C%2FDIV%3E%0A%3CP%3E%26nbsp%3B%3C%2FP%3E%0A%3CDIV%3E%3CSPAN%3ELearn%20how%20to%20%3C%2FSPAN%3E%3CA%20title%3D%22Tutorial%3A%20Connect%20to%20a%20web%20app%20using%20an%20Azure%20Private%20Endpoint%22%20href%3D%22https%3A%2F%2Fdocs.microsoft.com%2Fazure%2Fprivate-link%2Ftutorial-private-endpoint-webapp-portal%22%20target%3D%22_blank%22%20rel%3D%22noopener%20noreferrer%22%3E%3CSPAN%3Econnect%20to%20a%20web%20app%20using%20an%20Azure%20Private%20endpoint%3C%2FSPAN%3E%3C%2FA%3E%3CSPAN%3E.%3CBR%20%2F%3E%3C%2FSPAN%3E%3C%2FDIV%3E%3C%2FLINGO-BODY%3E%3CLINGO-TEASER%20id%3D%22lingo-teaser-3285943%22%20slang%3D%22en-US%22%3E%3CDIV%3E%0A%3CDIV%3E%3CSPAN%3EApp%20Service%20now%20supports%20%3C%2FSPAN%3E%3CSPAN%3EVNet%20integration%3C%2FSPAN%3E%3CSPAN%3E%26nbsp%3B(outbound)%20and%20%3C%2FSPAN%3E%3CSPAN%3Eprivate%20endpoints%3C%2FSPAN%3E%3CSPAN%3E%26nbsp%3Ball%20the%20way%20down%20to%20the%20%3C%2FSPAN%3E%3CSPAN%3EBasic%20SKU%3C%2FSPAN%3E%3CSPAN%3E.%3C%2FSPAN%3E%3C%2FDIV%3E%0A%3C%2FDIV%3E%3C%2FLINGO-TEASER%3E%3CLINGO-LABS%20id%3D%22lingo-labs-3285943%22%20slang%3D%22en-US%22%3E%3CLINGO-LABEL%3EWeb%20Apps%3C%2FLINGO-LABEL%3E%3C%2FLINGO-LABS%3E%3CLINGO-SUB%20id%3D%22lingo-sub-3297955%22%20slang%3D%22en-US%22%3ERe%3A%20Generally%20available%3A%20Enhanced%20network%20security%20features%20for%20App%20Service%20Basic%20SKU%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-3297955%22%20slang%3D%22en-US%22%3E%3CP%3E%3CA%20href%3D%22https%3A%2F%2Ftechcommunity.microsoft.com%2Ft5%2Fuser%2Fviewprofilepage%2Fuser-id%2F1371558%22%20target%3D%22_blank%22%3E%40erik_oleary%3C%2FA%3E%26nbsp%3BAt%20this%20time%2C%20that%20is%20the%20only%20workaround.%20We%20are%20exploring%20alternative%20solutions.%20In%20other%20news%2C%20we%20are%20pushing%20a%20fix%20that%20addresses%20the%20scaling%20issues%20you%20experienced%20that%20should%20be%20implemented%20shortly.%3C%2FP%3E%3C%2FLINGO-BODY%3E%3CLINGO-SUB%20id%3D%22lingo-sub-3294204%22%20slang%3D%22en-US%22%3ERe%3A%20Generally%20available%3A%20Enhanced%20network%20security%20features%20for%20App%20Service%20Basic%20SKU%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-3294204%22%20slang%3D%22en-US%22%3E%3CP%3E%3CA%20href%3D%22https%3A%2F%2Ftechcommunity.microsoft.com%2Ft5%2Fuser%2Fviewprofilepage%2Fuser-id%2F1185852%22%20target%3D%22_blank%22%3E%40jordanselig%3C%2FA%3E%26nbsp%3Bthat's%20fascinating%20advice%20to%20workaround%20this%20issue.%20Is%20there%20a%20better%20solution%20forthcoming%3F%20I%20feel%20like%20a%20'StandardV3'%20or%20'BasicV3'%20may%20be%20needed.%20If%20the%20behavior%2Fcapabilities%20of%20your%20app%20is%20different%20on%20different%20'stamp's%20which%20you%20cant%20even%20choose%20with%2C%20say%2C%20a%20bicep%20template%2C%20that%20are%20just%20randomly%20assigned%20when%20you%20create%20a%20resource%20group%20that's%20just%20a%20bad%20outcome.%3C%2FP%3E%3C%2FLINGO-BODY%3E%3CLINGO-SUB%20id%3D%22lingo-sub-3294183%22%20slang%3D%22en-US%22%3ERe%3A%20Generally%20available%3A%20Enhanced%20network%20security%20features%20for%20App%20Service%20Basic%20SKU%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-3294183%22%20slang%3D%22en-US%22%3E%3CP%3E%3CA%20href%3D%22https%3A%2F%2Ftechcommunity.microsoft.com%2Ft5%2Fuser%2Fviewprofilepage%2Fuser-id%2F1371558%22%20target%3D%22_blank%22%3E%40erik_oleary%3C%2FA%3E%26nbsp%3B-%20Some%20stamps%20will%20not%20support%20vnet%20integration%20down%20to%20the%20standard%2Fbasic%20tier%20even%20in%20new%20resource%20deployments%20due%20to%20certain%20infrastructure%20constraints.%20To%20ensure%20your%20App%20Service%20is%20on%20a%20stamp%20that%20supports%20this%20feature%2C%20c%3CSPAN%3Ereate%20your%20app%20in%20a%20Premium%20v3%20App%20Service%20plan%20since%20those%20plans%20are%20only%20supported%20on%20our%20newest%20deployments.%20You%20can%20scale%20down%20to%20the%20basic%20tier%20after%20the%20plan%20is%20created.%3C%2FSPAN%3E%3C%2FP%3E%0A%3CP%3E%26nbsp%3B%3C%2FP%3E%0A%3CP%3E%3CSPAN%3ERegarding%20the%20%22regional%20vnet%22%20error%20message%20you%20are%20seeing%2C%20that%20issue%20was%20raised%20the%20other%20day%20and%20we%20are%20actively%20investigating.%20Apologies%20for%20any%20inconvenience.%3C%2FSPAN%3E%3C%2FP%3E%3C%2FLINGO-BODY%3E%3CLINGO-SUB%20id%3D%22lingo-sub-3293111%22%20slang%3D%22en-US%22%3ERe%3A%20Generally%20available%3A%20Enhanced%20network%20security%20features%20for%20App%20Service%20Basic%20SKU%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-3293111%22%20slang%3D%22en-US%22%3E%3CP%3E%22%3CSPAN%3Eyou%20need%20to%20be%20on%20the%20newer%20App%20Service%20footprint%20to%20ensure%20you%E2%80%99re%20App%20Service%20Plan%20supports%20VNet%20integration%20for%20Basic%20SKU%22%3C%2FSPAN%3E%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CP%3E%3CSPAN%3EWhat%20does%20this%20mean%3F%20I%20just%20created%20a%20brand%20new%20resource%20group%20and%20app%20service%20plan%20and%20I%20don't%20see%20vnet%20support.%20I'm%20able%20to%20create%20a%20basic%20app%20with%20vnet%20via%20bicep%20but%20if%20I%20try%20to%20scale%20it%20up%20or%20modify%20it%20after%20it%20deploys%20I'm%20unable%20to%20-%20it%20complains%20about%20being%20in%20a%20regional%20vnet%20and%20it%20must%20be%20removed%20first.%3C%2FSPAN%3E%3C%2FP%3E%3C%2FLINGO-BODY%3E%3CLINGO-SUB%20id%3D%22lingo-sub-3286698%22%20slang%3D%22en-US%22%3ERe%3A%20Generally%20available%3A%20Enhanced%20network%20security%20features%20for%20App%20Service%20Basic%20SKU%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-3286698%22%20slang%3D%22en-US%22%3E%3CP%3EGreat%20news!%20While%20we'll%20still%20be%20sticking%20with%20premium%20for%20other%20features%2C%20it's%20nice%20to%20see%20security%20features%20being%20made%20more%20easily%20available%26nbsp%3B%3C%2FP%3E%3C%2FLINGO-BODY%3E%3CLINGO-SUB%20id%3D%22lingo-sub-3372506%22%20slang%3D%22en-US%22%3ERe%3A%20Generally%20available%3A%20Enhanced%20network%20security%20features%20for%20App%20Service%20Basic%20SKU%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-3372506%22%20slang%3D%22en-US%22%3E%3CP%3EWoohoo%20no%20more%20App%20Service%20Environments!!!!%3C%2FP%3E%3C%2FLINGO-BODY%3E
Version history
Last update:
‎Apr 15 2022 09:42 AM
Updated by: