
Apps on Azure Blog

Name Reservation on App Service for Web Apps and App Service Environment (ASE)

Stefan_Schackow
Nov 14, 2022

App Service will be rolling out a Name Reservation feature to protect customers from the threat of subdomain takeovers.  The rollout is starting now (November 14th) and is expected to run through approximately December 15th. This new built-in feature creates a name reservation for web application names and for App Service Environment (ASE) names during the creation of those resources. No additional changes or configuration are needed by the customer to establish a name reservation.  

 

The name reservation for a given resource name will exist from the moment the resource is created and for a lengthy time period after the resource has been deleted (a cooldown period). This means that during the cooldown period after resource deletion, other subscriptions outside of the original creating Azure AD tenant will not be able to create a web application or ASE using the same name. However, once the cooldown period has ended, the name reservation will be released, and any subscription will then be able to create a web application or ASE with that given name. 

 

How Does This Affect Me?

This change is not expected to affect most customers.  If you delete a web application or an ASE, you will still be able to recreate a new web application or ASE using the same name during the cooldown period as long as a subscription within the same Azure AD tenant is used.  This means customers who create --> delete --> recreate resources with the same name, in the same Azure AD tenant, as they go through testing and production stages will be unaffected. 

 

Name Reservation ensures that in between the time a customer deletes and then recreates a resource, another customer is not able to create a resource with the same name.
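The reservation only protects a deleted name during the cooldown period, so DNS records that still point at a deleted app should be cleaned up before it ends. The following added example (not part of the original post or Microsoft's tooling) audits CNAME records against an app inventory and reports how much reservation time is left. The zone data, inventory and the `cooldown_days` value are constructed assumptions, since the post does not state the cooldown length. It only covers web apps on the default `azurewebsites.net` suffix, not ASE names.

```python
from datetime import date, timedelta

APP_SERVICE_SUFFIX = ".azurewebsites.net"  # default App Service hostname suffix

# Constructed sample data: CNAME records from a DNS zone export.
ZONE_CNAMES = [
    ("www.contoso.example", "contoso-web.azurewebsites.net."),
    ("shop.contoso.example", "contoso-shop.azurewebsites.net."),
    ("beta.contoso.example", "Contoso-Beta.azurewebsites.net"),
    ("docs.contoso.example", "contoso.github.io."),
]
# Constructed inventory: apps that exist now, and deleted apps (name -> deletion date).
LIVE_APPS = {"contoso-web"}
DELETED_APPS = {"contoso-shop": date(2022, 11, 20), "contoso-beta": date(2022, 10, 1)}


def app_name(target):
    """Return the app name if target is <app>.azurewebsites.net, else None."""
    host = target.rstrip(".").lower()  # DNS names are case-insensitive
    if not host.endswith(APP_SERVICE_SUFFIX):
        return None
    name = host[: -len(APP_SERVICE_SUFFIX)]
    # Ignore deeper labels such as <app>.scm.azurewebsites.net
    return name if name and "." not in name else None


def audit(cnames, live, deleted, today, cooldown_days):
    """List CNAMEs whose App Service target no longer exists, most urgent first."""
    findings = []
    for record, target in cnames:
        name = app_name(target)
        if name is None or name in live:
            continue
        deleted_on = deleted.get(name)
        if deleted_on is None:
            status, days_left = "not-in-inventory", None
        else:
            days_left = (deleted_on + timedelta(days=cooldown_days) - today).days
            status = "reserved" if days_left > 0 else "unprotected"
        findings.append((record, name, status, days_left))
    order = {"unprotected": 0, "not-in-inventory": 1, "reserved": 2}
    return sorted(findings, key=lambda f: (order[f[2]], f[3] or 0))


if __name__ == "__main__":
    # cooldown_days=30 is a placeholder assumption, not a value from the post.
    for finding in audit(ZONE_CNAMES, LIVE_APPS, DELETED_APPS, date(2022, 12, 1), 30):
        print(finding)
```

Records reported as `unprotected` or `not-in-inventory` point at names that the reservation no longer (or never) covered for this tenant and should be removed or repointed first.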

 

Additional Information

To learn more about Name Reservation on App Service: How App Service Prevents Subdomain Takeovers

 

To learn more about the different ways to avoid subdomain takeover on App Service: Mitigating subdomain takeover in Azure App Service

 

To learn more about the one-to-many relationship between an Azure AD tenant and an Azure subscription:  Azure subscriptions and Azure AD Tenants 

 

Updated Nov 14, 2022
Version 1.0

9 Comments

  • Sebastian_Gauna
    Copper Contributor

    In response to Mike, if Microsoft wants to protect us, they could even require us to enter the subscription ID to which we want to allow to reuse the name, instead of allowing us to manually purge the name... But no, we have to wait!! I cannot wait, so under these circumstances, I'll have to break or change our naming conventions... Nice.

  • Or maybe more secure, create an API to transfer the name reservation to the target subscription.

  • I 100% agree with automatic protection against reuse of the domain names when an app is deleted.

    BUT a way must be made to instantly purge the names rather than having to wait 30 days which is a lifetime in computing terms and could make a business go bust in extreme circumstances.

  • Sebastian_Gauna
    Copper Contributor

    Terrible bad feature, in the company I work for we need to move like 20 app services to another Tenant and I can not reuse the name, which complies with the naming conventions we have set...

     

    Why does Microsoft a lot of times do things half the way??? How come on this earth didn't Microsoft think about allowing us to manually purge the names.

    Microsoft thinks that it is "protecting" customers but in our case it's all the opposite.

  • Thomas_Dam
    Copper Contributor

    Stefan_Schackow , I appreciate the intention, but have the same question as above.

     

    I was learning how to create a WordPress site on one tenant with my preferred web app name. I have since deleted it and would like to re-create it under a separate tenant. Is it possible to release it from tenant A?

     

    Alternatively, can I re-create the web app with the desired name in Tenant A under a separate subscription and then assign the billing of the subscription and move it to Tenant B?

     

    Edit: Sounds like the reservation lasts for 7 days https://learn.microsoft.com/en-us/answers/questions/1151487/why-is-it-not-possible-to-hard-delete-an-azure-web?orderBy=Oldest

    Seems like it is at least a month. Would have been nice if there was a way to release it other than paying EUR 20 for a support subscription...

  • Is there a way to force the release of the reservation?

    I have the need to move a Web App and an Azure Function App to another Azure Directory with zero down time.

    This new feature is preventing this.

  • Thank you for the feedback.  Currently the cool down period is fixed, but we will raise this with the team that manages this feature.

  • hvm2000
    Copper Contributor

    Nice one.. Is this cool down period configurable at all or is purely managed by Microsoft?

     

    I personally think making it configurable gives organisations the chance to align it with their clean-up of dangling DNS entries. Just a thought!