Common Misconceptions When Running Locally vs. Deploying to Azure Linux-based Web Apps
TOC Introduction Environment Variable Build Time Compatible Memory Conclusion 1. Introduction One of the most common issues during project development is the scenario where “the application runs perfectly in the local environment but fails after being deployed to Azure.” In most cases, deployment logs will clearly reveal the problem and allow you to fix it quickly. However, there are also more complicated situations where "due to the nature of the error itself" relevant logs may be difficult to locate. This article introduces several common categories of such problems and explains how to troubleshoot them. We will demonstrate them using Python and popular AI-related packages, as these tend to exhibit compatibility-related behavior. Before you begin, it is recommended that you read Deployment and Build from Azure Linux based Web App | Microsoft Community Hub on how Azure Linux-based Web Apps perform deployments so you have a basic understanding of the build process. 2. Environment Variable Simulating a Local Flask + sklearn Project First, let’s simulate a minimal Flask + sklearn project in any local environment (VS Code in this example). For simplicity, the sample code does not actually use any sklearn functions; it only displays plain text. app.py from flask import Flask app = Flask(__name__) @app.route("/") def index(): return "hello deploy environment variable" if __name__ == "__main__": app.run(host="0.0.0.0", port=8000) We also preset the environment variables required during Azure deployment, although these will not be used when running locally. .deployment [config] SCM_DO_BUILD_DURING_DEPLOYMENT=false As you may know, the old package name sklearn has long been deprecated in favor of scikit-learn. However, for the purpose of simulating a compatibility error, we will intentionally specify the outdated package name. requirements.txt Flask==3.1.0 gunicorn==23.0.0 sklearn After running the project locally, you can open a browser and navigate to the target URL to verify the result. python3 -m venv .venv source .venv/bin/activate pip install -r requirements.txt python app.py Of course, you may encounter the same compatibility issue even in your local environment. Simply running the following command resolves it: export SKLEARN_ALLOW_DEPRECATED_SKLEARN_PACKAGE_INSTALL=True We will revisit this error and its solution shortly. For now, create a Linux Web App running Python 3.12 and configure the following environment variables. We will define Oryx Build as the deployment method. SCM_DO_BUILD_DURING_DEPLOYMENT=false WEBSITE_RUN_FROM_PACKAGE=false ENABLE_ORYX_BUILD=true After deploying the code and checking the Deployment Center, you should see an error similar to the following. From the detailed error message, the cause is clear: sklearn is deprecated and replaced by scikit-learn, so additional compatibility handling is now required by the Python runtime. The error message suggests the following solutions: Install the newer scikit-learn package directly. If your project is deeply coupled to the old sklearn package and cannot be refactored yet, enable compatibility by setting an environment variable to allow installation of the deprecated package. Typically, this type of “works locally but fails on Azure” behavior happens because the deprecated package was installed in the local environment a long time ago at the start of the project, and everything has been running smoothly since. Package compatibility issues like this are very common across various languages on Linux. When a project becomes tightly coupled to an outdated package, you may not be able to upgrade it immediately. In these cases, compatibility workarounds are often the only practical short-term solution. In our example, we will add the environment variable: SKLEARN_ALLOW_DEPRECATED_SKLEARN_PACKAGE_INSTALL=True However, here comes the real problem: This variable is needed during the build phase, but the environment variables set in Azure Portal’s Application Settings only take effect at runtime. So what should we do? The answer is simple, shift the Oryx Build process from build-time to runtime. First, open Azure Portal → Configuration and disable Oryx Build. ENABLE_ORYX_BUILD=false Next, modify the project by adding a startup script. run.sh #!/bin/bash export SKLEARN_ALLOW_DEPRECATED_SKLEARN_PACKAGE_INSTALL=True python -m venv .venv source .venv/bin/activate pip install -r requirements.txt python app.py The startup script works just like the commands you run locally before executing the application. The difference is that you can inject the necessary compatibility environment variables before running pip install or starting the app. After that, return to Azure Portal and add the following Startup Command under Stack Settings. This ensures that your compatibility environment variables and build steps run before the runtime starts. bash run.sh Your overall project structure will now look like this. Once redeployed, everything should work correctly. 3. Build Time Build-Time Errors Caused by AI-Related Packages Many build-time failures are caused by AI-related packages, whose installation processes can be extremely time-consuming. You can investigate these issues by reviewing the deployment logs at the following maintenance URL: https://<YOUR_APP_NAME>.scm.azurewebsites.net/newui Compatible Let’s simulate a Flask + numpy project. The code is shown below. app.py from flask import Flask app = Flask(__name__) @app.route("/") def index(): return "hello deploy compatible" if __name__ == "__main__": app.run(host="0.0.0.0", port=8000) We reuse the same environment variables from the sklearn example. .deployment [config] SCM_DO_BUILD_DURING_DEPLOYMENT=false This time, we simulate the incompatibility between numpy==1.21.0 and Python 3.10. requirements.txt Flask==3.1.0 gunicorn==23.0.0 numpy==1.21.0 We will skip the local execution part and move directly to creating a Linux Web App running Python 3.10. Configure the same environment variables as before, and define the deployment method as runtime build. SCM_DO_BUILD_DURING_DEPLOYMENT=false WEBSITE_RUN_FROM_PACKAGE=false ENABLE_ORYX_BUILD=false After deployment, Deployment Center shows a successful publish. However, the actual website displays an error. At this point, you must check the deployment log files mentioned earlier. You will find two key logs: 1. docker.log Displays real-time logs of the platform creating and starting the container. In this case, you will see that the health probe exceeded the default 230-second startup window, causing container startup failure. This tells us the root cause is container startup timeout. To determine why it timed out, we must inspect the second file. 2. default_docker.log Contains the internal execution logs of the container. Not generated in real time, usually delayed around 15 minutes. Therefore, if docker.log shows a timeout error, wait at least 15 minutes to allow the logs to be written here. In this example, the internal log shows that numpy was being compiled during pip install, and the compilation step took too long. We now have a concrete diagnosis: numpy 1.21.0 is not compatible with Python 3.10, which forces pip to compile from source. The compilation exceeds the platform’s startup time limit (230 seconds) and causes the container to fail. We can verify this by checking numpy’s official site: numpy · PyPI numpy 1.21.0 only provides wheels for cp37, cp38, cp39 but not cp310 (which is python 3.10). Thus, compilation becomes unavoidable. Possible Solutions Set the environment variable WEBSITES_CONTAINER_START_TIME_LIMIT to increase the allowed container startup time. Downgrade Python to 3.9 or earlier. Upgrade numpy to 1.21.0+, where suitable wheels for Python 3.10 are available. In this example, we choose this option. After upgrading numpy to version 1.25.0 (which supports Python 3.10) from specifying in requirements.txt and redeploying, the issue is resolved. numpy · PyPI requirements.txt Flask==3.1.0 gunicorn==23.0.0 numpy==1.25.0 Memory The final example concerns the App Service SKU. AI packages such as Streamlit, PyTorch, and others require significant memory. Any one of these packages may cause the build process to fail due to insufficient memory. The error messages vary widely each time. If you repeatedly encounter unexplained build failures, check Deployment Center or default_docker.log for Exit Code 137, which indicates that the system ran out of memory during the build. The only solution in such cases is to scale up. 4. Conclusion This article introduced several common troubleshooting techniques for resolving Linux Web App issues caused during the build stage. Most of these problems relate to package compatibility, although the symptoms may vary greatly. By understanding the debugging process demonstrated in these examples, you will be better prepared to diagnose and resolve similar issues in future deployments.Announcing the Public Preview of the New App Service Quota Self-Service Experience
Update 10/30/2025: The App Service Quota Self-Service experience is back online after a short period where we were incorporating your feedback and making needed updates. As this is public preview, availability and features are subject to change as we receive and incorporate feedback. What’s New? The updated experience introduces a dedicated App Service Quota blade in the Azure portal, offering a streamlined and intuitive interface to: View current usage and limits across the various SKUs Set custom quotas tailored to your App Service plan needs This new experience empowers developers and IT admins to proactively manage resources, avoid service disruptions, and optimize performance. Quick Reference - Start here! If your deployment requires quota for ten or more subscriptions, then file a support ticket with problem type Quota following the instructions at the bottom of this post. If any subscription included in your request requires zone redundancy (note that most Isolated v2 deployments require ZR), then file a support ticket with problem type Quota following the instructions at the bottom of this post. Otherwise, leverage the new self-service experience to increase your quota automatically. Self-service Quota Requests For non-zone-redundant needs, quota alone is sufficient to enable App Service deployment or scale-out. Follow the provided steps to place your request. 1. Navigate to the Quotas resource provider in the Azure portal 2. Select App Service (Pubic Preview) Navigating the primary interface: Each App Service VM size is represented as a separate SKU. If the intention is to be able to scale up or down within a specific offering (e.g., Premium v3), then equivalent number of VMs need to be requested for each applicable size of that offering (e.g., request 5 instances for both P1v3 and P3v3). As with other quotas, you can filter by region, subscription, provider, or usage. Note that your portal will now show "App Service (Public Preview)" for the Provider name. You can also group the results by usage, quota (App Service VM type), or location (region). Current usage is represented as App Service VMs. This allows you to quickly identify which SKUs are nearing their quota limits. Adjustments can be made inline: no need to visit another page. This is covered in detail in the next section. Total Regional VMs: There is a SKU in each region called Total Regional VMs. This SKU summarizes your usage and available quota across all individual SKUs in that region. There are three key points about using Total Regional VMs. You should never request Total Regional VMs quota directly - it will automatically increase in response to your request for individual SKU quota. If you are unable to deploy a given SKU, then you must request more quota for that SKU to unblock deployment. For your deployment to succeed, you must have sufficient quota in the individual SKU as well as Total Regional VMs. If either usage is at its respective limit, then you will be unable to deploy and must request more of that individual SKU's quota to proceed. In some regions, Total Regional VMs appears as "0 of 0" usage and limit and no individual SKU quotas are shown. This is an indication that you should not interact with the portal to resolve any quota-related issues in this region. Instead, you should try the deployment and observe any error messages that arise. If any error messages indicate more quota is needed, then this must be requested by filing a support ticket with problem type Quota following the instructions at the bottom of this post so that App Service can identify and fix any potential quota issues. In most cases, this will not be necessary, and your deployment will work without requesting quota wherever "0 of 0" is shown for Total Regional VMs and no individual SKU quotas are visible. See the example below: 3. Request quota adjustments Clicking the pen icon opens a flyout window to capture the quota request: The quota type (App Service SKU) is already populated, along with current usage. Note that your request is not incremental: you must specify the new limit that you wish to see reflected in the portal. For example, to request two additional instances of P1v2 VMs, you would file the request like this: Click submit to send the request for automatic processing. How quota approvals work: Immediately upon submitting a quota request, you will see a processing dialog like the one shown: If the quota request can be automatically fulfilled, then no support request is needed. You should receive this confirmation within a few minutes of submission: If the request cannot be automatically fulfilled, then you will be given the option to file a support request with the same information. In the example below, the requested new limit exceeds what can be automatically granted for the region: 4. If applicable, create support ticket When creating a support ticket, you will need to repopulate the Region and App Service plan details; the new limit has already been populated for you. If you forget the region or SKU that was requested, you can reference them in your notifications pane: If you choose to create a support ticket, then you will interact with the capacity management team for that region. This is a 24x7 service, so requests may be created at any time. Once you have filed the support request, you can track its status via the Help + support dashboard. Known issues The self-service quota request experience for App Service is in public preview. Here are some caveats worth mentioning while the team finalizes the release for general availability: Closing the quota request flyout window will stop meaningful notifications for that request. You can still view the outcome of your quota requests by checking actual quota, but if you want to rely on notifications for alerts, then we recommend leaving the quota request window open for the few minutes that it is processing. Some SKUs are not yet represented in the quota dashboard. These will be added later in the public preview. The Activity Log does not currently provide a meaningful summary of previous quota requests and their outcomes. This will also be addressed during the public preview. As noted in the walkthrough, the new experience does not enable zone-redundant deployments. Quota is an inherently regional construct, and zone-redundant enablement requires a separate step that can only be taken in response to a support ticket being filed. Quota API documentation is being drafted to enable bulk non-zone redundant quota requests without requiring you to file a support ticket. Filing a Support Ticket If your deployment requires zone redundancy or contains many subscriptions, then we recommend filing a support ticket with issue type "Technical" and problem type "Quota": We want your feedback! If you notice any aspect of the experience that does not work as expected, or you have feedback on how to make it better, please use the comments below to share your thoughts!Azure App Service AI Scenarios: Complete Sample with AI Foundry Integration
This sample application demonstrates how to implement various AI scenarios on Azure App Service using Azure AI Foundry. It provides production-ready code that you can integrate into your existing Flask applications by copying the AIPlaygroundCode package and following the integration steps. Ideal for: Developers looking to add AI capabilities to existing Flask applications, learn Azure AI Foundry integration patterns, and implement enterprise-grade AI features with minimal setup effort. Key Scenarios Covered Conversational AI: Natural language processing with context awareness and session management Reasoning Models: Advanced problem-solving capabilities with step-by-step analytical thinking Structured Output: JSON-formatted responses with schema validation for system integration Multimodal Processing: Image analysis and audio transcription using vision and audio models Enterprise Chat: Retail-optimized AI assistant with customer service and business intelligence scenarios Quick Start - Azure Deployment (Recommended) Prerequisites Azure CLI installed Azure Developer CLI (azd) installed Azure subscription with contributor access Optional: Azure AI Foundry access with existing model deployments if you want to use existing endpoints: Chat/Reasoning/Image model: gpt-4o-mini or similar for conversational AI, reasoning, and image analysis Audio model: gpt-4o-mini-audio-preview or similar for audio transcription and processing Model Compatibility: Use recommended models (gpt-4o-mini, gpt-35-turbo) to avoid deployment errors. Advanced models like gpt-4o may not be available in all regions One-Command Deployment Clone and Deploy git clone https://github.com/Azure-Samples/azure-app-service-ai-scenarios-integrated-sample.git cd azure-app-service-ai-scenarios-integrated-sample azd up What to Expect During Deployment When you run azd up, you'll see these prompts: Enter a unique environment name: → myai-demo Subscription Selection → Use arrow keys to select Resource Group → Create new or use existing Select a location to create the resource group in: e.g. East US Choose new (create AI services) or existing [new/existing]: e.g. existing Enter your project endpoint URL: e.g. https://your-project.services.ai.azure.com/models Enter your deployment name (gpt-4o-mini, gpt-4, gpt-35-turbo): e.g. gpt-4o-mini Enter your audio deployment name (gpt-4o-mini-audio-preview): e.g. gpt-4o-mini-audio-preview Select an Azure location to use: e.g. East US Automatic steps: Package building, RBAC setup, provisioning, deployment Expected deployment time: 4-5 minutes for complete provisioning and deployment Azure AI Foundry Integration During Deployment Duringazd up, you'll be prompted to configure AI setup: Prompt: "Do you have an existing Azure AI Foundry endpoint?" Answer "existing": If you have existing Azure AI Foundry resources You'll be asked to provide your endpoint URL (e.g., https://your-project.services.ai.azure.com/models) Managed Identity role permissions will be automatically configured on your endpoint You'll specify your existing model deployment names (chat model name e.g. gpt-4o-mini and audio model name e.g. gpt-4o-mini-audio-preview) Answer "new": Creates new Azure AI Foundry resources automatically Provisions new Azure AI Foundry project with required dependencies Deploys chat and audio models with configurable names (defaults: gpt-4o-mini and gpt-4o-mini-audio-preview) Configures Managed Identity integration and updates all required settings Configuration is automatic - all environment variables and permissions are set up during deployment! Note: You no longer need to manually configure AI settings or manage API keys - everything is handled automatically through Managed Identity integration. Test Your Application Click "🧪 Test Config" to verify connection, then start using AI scenarios! Refer to Usage Examples section below to test manually with sample scenarios What Gets Deployed Azure App Service (Basic B2 SKU) with Python 3.11 Azure AI Foundry resources (if "new" was chosen for existing endpoint): AI Hub with cognitive services multi-service account AI Project workspace with model deployments (gpt-4o-mini, gpt-4o-mini-audio-preview) Storage account for AI project data and model artifacts Managed Identity Configuration (automatic for both new and existing endpoints): System-assigned managed identity enabled on App Service "Cognitive Services OpenAI User" role assigned to access AI endpoints "AI Developer" role assigned for Azure AI Foundry project access All necessary environment variables configured automatically in App Service Local Development Setup Prerequisites Python 3.8+ Check version: python --version Download from: https://python.org/downloads/ Azure AI Foundry with deployed models 📖 Setup Guide: Create and deploy models in Azure AI Foundry Required models: gpt-4o-mini (chat/reasoning/image) and gpt-4o-mini-audio-preview (audio) Alternative: Use azd up deployment method above for automatic setup Step-by-Step Installation & Setup Step 1: Install and Launch Application Install Dependencies pip install -r requirements.txt Launch Application python app.py Verify Application is Running Open http://localhost:5000 in your browser You should see the application homepage Step 2: Configure AI Settings Open Settings Page Navigate to http://localhost:5000/settings Fill in Configuration Fields Azure AI Foundry Endpoint: https://your-project.services.ai.azure.com/models API Key: Your Azure AI Foundry API key (Note: For production deployment, Managed Identity is automatically configured) Chat Model Name: Your deployed chat model name (e.g., gpt-4o-mini) Audio Model Name: Your audio model deployment (e.g., gpt-4o-mini-audio-preview) Save and Test Configuration Click Save to store your settings Click "🧪 Test Config" to verify connection Wait for success confirmation message Step 3: Test Core Features Refer to the Test Core Features section below for detailed testing instructions with sample scenarios. ✅ Success Indicators: Configuration test shows success message Application loads at http://localhost:5000 Chat interface is accessible and functional Test Core Features Note: These tests work for both local development and Azure deployment setups. Step-by-Step Testing Guide 1. Access Chat Interface Go to http://localhost:5000 Click the floating AI chat button (bottom-right corner) Verify the chat popup opens correctly 2. Test Basic Conversational AI Test these exact messages (copy and paste): Identity Test: Message: "Who are you and what can you help with?" Expected: AI identifies as Enterprise AI Assistant, explains capabilities Product Inquiry Test: Message: "Tell me about features and price for Pro Gaming X1" Expected: Relevant product information response Customer Service Test: Message: "What is the return policy and how do I process a customer refund?" Expected: Helpful customer service guidance 3. Test Multimodal Features Image Analysis Testing: Type message: "Analyze this laptop and tell me its specifications" Click 📎 button to upload file Select file: tests/test_inputs/laptop.jpeg Send message Expected: AI describes laptop specifications from the image Audio Processing Testing: Type message: "Transcribe this customer service call" Click 📎 button to upload file Select file: tests/test_inputs/test_customer_service_audio.mp3 Send message Expected: AI provides transcription of the audio content 4. Test Advanced Reasoning Capabilities Complex Business Analysis Testing: Message: "Zava's sales have dropped 15% this quarter. Walk me through a systematic approach to identify root causes and develop an action plan." Expected: Structured analytical approach with step-by-step reasoning process ✅ Success Indicators: All chat responses are relevant and helpful Image analysis identifies laptop features accurately Audio transcription provides readable text from audio file Reasoning responses show structured analytical thinking No error messages in chat interface File uploads complete successfully Responses may show truncation message for long content (this is normal) Configuration test shows green success message 📁 Sample Test Files: Browse tests/test_inputs/ folder for additional sample images and audio files to test multimodal capabilities. Integration with Existing Applications This section provides guidance for integrating AI capabilities into your existing Flask applications. Note that this requires additional Azure resource setup and dependency management. Prerequisites for Integration Azure AI Foundry endpoint with model deployments: Chat/reasoning/image model (e.g., gpt-4o-mini) Audio model (e.g., gpt-4o-mini-audio-preview) Step 1: Set Up Azure Resources Configure App Service Managed Identity for Azure AI Foundry: # Enable system-assigned managed identity for your App Service az webapp identity assign --name <your-app-name> --resource-group <your-rg> # Grant required roles to your App Service for Azure AI Foundry access az role assignment create \ --role "Cognitive Services OpenAI User" \ --assignee <managed-identity-principal-id> \ --scope <your-ai-foundry-resource-id> # Grant AI Developer role for Azure AI Foundry project access az role assignment create \ --role "Azure AI Developer" \ --assignee <managed-identity-principal-id> \ --scope <your-ai-foundry-resource-id> Step 2: Copy and Merge Files Copy the AIPlaygroundCode folder: cp -r AIPlaygroundCode/ /path/to/your-existing-app/ Merge Dependencies (Important!): requirements.txt: Merge the dependencies from this sample's requirements.txt with your existing requirements file wsgi.py: If you have an existing wsgi.py, ensure it properly references your Flask app instance app.py routes: Copy the AI-related routes from the sample app.py to your existing Flask application Example requirements.txt merge: # Your existing dependencies flask==2.3.3 # ... your other dependencies # Add these AI-related dependencies from the sample azure-identity==1.15.0 openai==1.35.13 pillow==10.0.0 pydub==0.25.1 Step 3: Update App Service Configuration Add AI configuration as App Service environment variables: # Add Azure AI Foundry configuration as App Service environment variables az webapp config appsettings set --name <your-app-name> --resource-group <your-rg> --settings \ AZURE_INFERENCE_ENDPOINT="https://your-project-name.region.models.ai.azure.com/models" \ AZURE_AI_CHAT_DEPLOYMENT_NAME="gpt-4o-mini" \ AZURE_AI_AUDIO_DEPLOYMENT_NAME="gpt-4o-mini-audio-preview" \ AZURE_CLIENT_ID="system-assigned-managed-identity" Step 4: Add AI Settings Route to Your Flask App Add the settings route to your existing Flask application: # Add these imports to your existing app.py from AIPlaygroundCode.config import get_model_config, update_model_config, is_configured # Add AI configuration routes @app.route('/settings') def settings(): from flask import render_template config = get_model_config() return render_template('AIPlaygroundCode/templates/settings.html', config=config) @app.route('/settings', methods=['POST']) def update_settings(): # Copy the complete settings update logic from the sample app.py # This includes form handling, validation, and configuration updates pass Step 5: Add AI Interface to Your Application Integrate the AI chat interface into your existing application pages by copying specific sections from AIPlaygroundCode/templates/retail_home.html: Look for these markers in retail_home.html and copy to your templates: HTML Structure(copy the section marked with<!-- AI Chat Interface Start -->): <!-- AI Chat Interface Start --> <div id="chat-popup" class="chat-popup"> <!-- Complete chat popup structure --> </div> <!-- AI Chat Interface End --> CSS Styles(copy the section marked with/* AI Chat Styles Start */): <style> /* AI Chat Styles Start */ .chat-popup { /* ... */ } /* AI Chat Styles End */ </style> JavaScript Functions(copy the section marked with// AI Chat JavaScript Start): <script> // AI Chat JavaScript Start function toggleChat() { /* ... */ } // AI Chat JavaScript End </script> Integration Steps: Copy each marked section from retail_home.html to your main application template Ensure the chat button appears on your pages (floating bottom-right) Test the chat interface opens and can send messages Verify file upload functionality works for multimodal features What You Get After Integration: New Route: /settings for AI configuration Settings Page: Self-service configuration interface for Azure AI Foundry endpoints AI Chat Interface: Integrated chat functionality within your application pages Secure Configuration: Managed Identity authentication with Azure AI Foundry (no API keys required) Resource Clean-up To prevent incurring unnecessary charges, it's important to clean up your Azure resources after completing your work with the application. When to Clean Up After you have finished testing or demonstrating the application If the application is no longer needed or you have transitioned to a different project When you have completed development and are ready to decommission the application Removing Azure Resources To delete all associated resources and shut down the application, execute the following command: azd down Please note that this process may take up to 10 minutes to complete. Alternative: You can delete the resource group directly from the Azure Portal to clean up resources. Guidance Costs Pricing varies per region and usage, so it isn't possible to predict exact costs for your usage. The majority of Azure resources used in this infrastructure are on usage-based pricing tiers. You can try the Azure pricing calculator for the resources: Core Resources (always deployed): Azure App Service: Basic B2 tier with 3.5 GB RAM, 10 GB storage. Pricing Azure AI Foundry Resources (deployed when "No" is chosen for existing endpoint): Azure AI Services: Multi-service account with consumption-based pricing for model usage (tokens). Pricing Azure AI Hub: Management layer for AI projects (minimal cost) Azure Storage Account: Standard LRS for AI project data and model artifacts (minimal cost). Pricing Cost-saving tip: Choose "Yes" when prompted about existing Azure AI Foundry endpoint to reuse existing resources and avoid duplicate charges. Cost Management: To avoid unnecessary costs, remember to clean up your resources when no longer needed by running azd down or deleting the resource group in the Azure Portal. Security Guidelines This template uses Managed Identity for secure authentication between Azure services. Additional Security Measures to Consider: Enable Microsoft Defender for Cloud to secure your Azure resources Implement network security with Virtual Networks for App Service Configure Azure Web Application Firewall for additional protection Enable GitHub secret scanning in your repository Important Security Notice This template has been built to showcase Azure AI services and tools. We strongly recommend implementing additional security features before using this code in production environments. Support and Feedback Issues: Report bugs or request features via GitHub Issues Questions: Use GitHub Discussions for implementation questions Rate the Sample: Star the repository if this helped your project References Implementation Guides GitHub Repository - Complete implementation guide and source code Project Structure - Learn the high-level constructs and architecture Configuration Guide - Understand configuration options and environment setup Testing Guide - Learn how to test the application locally and on Azure FAQ & Troubleshooting - Frequently asked questions and troubleshooting guide Azure AI Foundry Documentation Chat Completions - Basic conversational AI implementation Reasoning Models - Advanced reasoning capabilities Multimodal AI - Image and audio processing Structured Outputs - JSON schema validationAnnouncing Public Preview of Managed Instance on Azure App Service
Today at Ignite 2025, we announced the Public Preview of a fantastic new capability which will enable customers to move applications to Azure App Service faster, and with minimal, if any, code changes! Azure App Service is a fully managed PaaS platform for hosting web applications, APIs, and mobile backends, enabling customers to deploy and scale applications securely without managing infrastructure. Azure App Service offers built-in compliance, identity and DevOps integration, making it ideal for cloud-native and modernization scenarios where agility, scalability, and operational efficiency are critical. Managed Instance on App Service builds on and extends these capabilities to solve many of the challenges customers have with migration and modernizing legacy and complex enterprise applications. Challenges with Migration and Modernization We have been listening intently to our customers and working on solutions to address their needs when migrating and modernizing applications, particularly .NET Framework applications, to Azure and specifically Azure App Service. Customers face clear challenges when migrating and modernizing applications Application Dependencies – Many apps rely on components that can’t easily migrate to App Service, such as libraries installed on the web worker, GAC entries, Windows Services, or OS-level features. Configuration Systems – Some apps heavily depend on reading/writing settings in the Windows Registry. File I/O – Legacy apps often require local disk access or network storage via mapped drives. Reduced Access & Tooling – Migration limits direct infrastructure access and familiar troubleshooting tools. Lengthy Migration & ROI Challenges – Complex code changes, testing, and issue resolution can make projects take months, delaying return on investment. How Managed Instance on Azure App Service addresses these challenges Managed Instance on Azure App Service addresses these challenges by providing a host of new functionality: - Configuration scripts – Provide a zip file containing all your dependencies with an accompanying PowerShell script to install and configure your dependencies. Store this in Azure Storage and securely access and retrieve using Managed Identity. - Registry adapters – Write to the App Service Plan instance’s windows registry, providing values using secrets stored and secured in Key Vault using Managed Identity. - Storage mounts – Map Azure Files, SMB File shares in your network and local temporary storage volumes using drive letter or drive letter and folder mappings, any credentials or storage connection strings are securely retrieved via Managed Identity from Key Vault secrets. - RDP to instances using Azure Bastion – for the first time ever, open a remote desktop session directly to your App Service Plan instances securely using Azure Bastion and use tools you’re familiar with such as IIS Manager, Event Viewer and Windows Feature MMC Snap-in tools. - Shortens time to migrate and modernize – Reduces the amount of cases where code changes might be needed in order to successfully migrate and modernize, shortening the time and cost to realize return on investment moving to the cloud. All of these features expand on top of the already rich set of capabilities within Azure App Service which enable rapid scale, network integration and security, combined with the new Premium v4 (Announcing General Availability of Premium v4 for Azure App Service | Microsoft Community Hub) series of pricing plans offering enhanced performance, scalability and cost efficiency. Key Scenarios: Technical and Business Perspectives 1. Lift-and-Improve Legacy Applications Technical: Migrate legacy .NET apps with hardcoded file paths, COM dependencies, or registry access—no major code rewrites required. Install custom components directly on the managed instance. Business: Accelerate cloud adoption, reduce migration friction, and preserve business continuity by avoiding costly re-platforming projects. Realize Azure App Service benefits (scaling, patching, high availability) with minimal disruption. 2. Re-platforming Hard-to-Modernize Apps Technical: Move applications with unavailable or hard-to-modify source code, or those tightly coupled to infrastructure (e.g., SMTP servers, MSMQ, legacy middleware). Managed Instance removes blockers by supporting custom installers and advanced networking. Business: Unlock value from legacy systems, extend their useful life, and enable phased modernization. Reduce risk and cost by avoiding “big bang” transformations. 3. Hybrid and Regulated Workloads Technical: Integrate securely with on-premises resources using VNETs and private endpoints. Enforce data residency and access controls with Bring Your Own Storage and Managed Identity. Business: Meet compliance and regulatory requirements for industries like finance, healthcare, and government. Streamline audits and reduce operational overhead for sensitive workloads. 4. Incremental Modernization Technical: Start with “lift-and-shift,” then incrementally adopt PaaS features—DevOps automation, dynamic scaling, centralized configuration—at your own pace. Business: Future-proof your application portfolio, drive ongoing innovation, and maximize ROI by continuously improving applications without major disruptions. Next Steps We’re delighted to be able to announce Managed Instance on Azure App Service and are eager to see it speed up and solve problems in your modernization journey. Moving your workloads to Managed Instance on Azure App Service open up new opportunities for you to add business value and securely integrate with other Azure services. Get started with Managed Instance on Azure App Service with our documentation and check out our Technical Deep Dive on Managed Instance on Azure App Service at Ignite 2025
AI Agents Are Rewriting the App Modernization Playbook
The modernization moment: Why now? Modernizing enterprise applications has historically been slow, manual, and costly. For many IT leaders and developers, it’s meant wrestling with aging frameworks, complex dependencies, and the constant tug-of-war between maintaining legacy systems and driving innovation. The stakes are high: every dollar spent on maintenance is a dollar not invested in the future. But the game is changing. Today, agentic AI is transforming modernization from a months-long slog into a days – or even hours – long process. With GitHub Copilot and Azure, teams can finally break through the three constraints that have held them back: 69% of CIOs are using new-project spend to resolve technical debt. This is due to the fact that upgrades, migrations, and containerization are slow, repetitive, and error-prone.[1] 78% of enterprises cite lack of cloud expertise or resources as a major obstacle for modernization. These legacy estates span uneven documentation and rare skills, making it tough to scale modernization across teams.[2] 40% of development resources are spent on maintaining existing systems. This leads to siloed tools and limited portfolio insights that slow down planning and cross-team execution.[3] The result? Projects stall, costs climb, and innovation takes a back seat. Organizations need a new approach—one that combines technical depth, automation, and collaboration to turn legacy estates into engines for growth. What’s new at Ignite This year at Microsoft Ignite, we’re adding to what we announced earlier this year to make a new generation of agentic AI capabilities in GitHub Copilot and Azure—purpose-built to address the modernization challenges facing IT and dev teams today. Here’s what’s new: Expanded Language and Framework Support: Modernizing legacy apps is no longer a manual slog. With the expanded language support, more teams can benefit from these innovations. For Java applications, we now support J2EE to JakartaEE transformation, IntelliJ integration, General Availability of deployment to Azure, and upgrades to Java 25, delivering better performance, security, and language features. (GA) For .NET workloads, we’re launching migration and deployment to Azure, including Managed Instance on Azure App Service for modernizing legacy Windows apps without code rewrites, and AI assisted upgrade paths from .NET Framework to .NET (GA) For Python, customers can now migrate from semantic kernel to agent framework (Public Preview) Containerization made simple with Containerization Assist Integration (GA): Containerization is often a bottleneck, but not anymore. With containerization assist integration, GitHub Copilot can now automatically update application code and generate Dockerfiles and related artifacts for containerizing and deploying to Azure Kubernetes Service (AKS), AKS Automatic, or Azure Container Apps (ACA), simplifying containerization for legacy apps. Database modernization: Upgrading databases is now faster and less risky. with the latest PostgreSQL extension for seamless PostgreSQL modernization and SQL Server migrations remain supported through the existing Azure Database Migration Service, enabling developers to modernize databases quickly and accurately. For Oracle-to-PostgreSQL migrations, Copilot tracks schema changes and applies informed code updates at the application level for Java apps. (Public Preview) Customization for enterprise-grade modernization: Modernization isn’t one-size-fits-all. With custom tasks, GitHub Copilot app modernization lets organizations define their own logic, enforcing security guardrails, coding standards, or industry-specific frameworks. Tasks can be created from diffs, markdown files, or URLs and shared across teams. Copilot learns from these customizations to apply them consistently, ensuring compliance while accelerating delivery (GA) Portfolio Assessment Integration (Public Preview): Visibility is key to planning, get a unified, actionable view of your entire app landscape with integrations to Azure Migrate, Dr. Migrate, and CAST Highlight, empowering smarter planning and prioritization, all surfaced through GitHub Issues. Autonomous Workflows (Public Preview): With Coding Agent integration and Copilot CLI, you can enable semi- autonomous modernization, freeing up your teams for higher-value work. Run modernization tasks directly from the CLI, or let agents analyze projects, generate plans, and execute upgrades end-to-end. How does this change the game for modernization These new capabilities are designed to directly address the three core blockers of modernization: Eliminating manual toil by automating upgrades, migrations, and containerization. Bridging expertise gaps by embedding AI-powered guidance and custom tasks, so teams can modernize confidently—even without deep legacy skills. Breaking down silos by providing unified visibility and integrated workflows, making it easier for IT and developers to plan, coordinate, and execute together. And beyond solving these pain points, they help your business achieve more. Accelerating time-to-value: Automate repetitive work so teams can focus on innovation, not maintenance. Reducing risk: Standardize modernization with AI-driven guidance, custom tasks, and integrated compliance. Maximizing ROI: Free up budget and talent by reducing manual effort and accelerating cloud adoption. Empowering collaboration: Give IT and developers a unified toolkit and shared visibility, breaking down silos and speeding up delivery. Take a look at how it comes to life! See GitHub Copilot app modernization in action—automating code upgrades, containerization, and database migration, and enabling seamless collaboration across roles. Customer momentum Organizations large and small, including startups, are benefiting from app modernization with GitHub Copilot. Here are just some of the amazing results that we are seeing: Ignite sessions: learn, connect, and build Ready to see these innovations in action? Join us at Ignite for live demos, customer stories, and expert guidance: BRK103: Modernize your apps in days with AI agents in GitHub Copilot BRK100: Best practices to modernize your apps and databases at scale BRK150: From legacy to modern .NET on Azure faster than ever BRK102: Technical Deep Dive on Managed Instance on Azure App Service BRK115: Inside Microsoft’s AI transformation across the software lifecycle BRK1704: Scale Smarter: Infrastructure for the Agentic Era THR700: Modernizing apps for Kubernetes with new agents in GitHub Copilot PBRK151: Agentic AI Tools for Partner-Led Migration and Modernization Success PBRK152: Unlocking Next Wave of Partner Growth LAB502: Migrate to AKS Automatic with GitHub Copilot for App Modernization LAB501: Modernize ASP.NET apps using Managed Instance on Azure App Service Get started today Explore the latest features with GitHub Copilot app modernization: http://aka.ms/GHCP-appmod Download Visual Studio 2026 and try GitHub Copilot app modernization for your .NET apps today https://aka.ms/vs Modernize with confidence, innovate without compromise With GitHub Copilot and Azure, you can maximize ROI, bridge expertise gaps, and give developers time back—turning legacy into a launchpad for AI-powered experiences. The future of app modernization is here. Let’s build it together. [1] McKinsey, Tech debt, Reclaiming tech equity [2] Flexera, Flexera 2023 State of the Cloud [3] McKinsey, Tech debt, Reclaiming tech equityBuilding AI apps and agents for the new frontier
Every new wave of applications brings with it the promise of reshaping how we work, build and create. From digitization to web, from cloud to mobile, these shifts have made us all more connected, more engaged and more powerful. The incoming wave of agentic applications, estimated to number 1.3 billion over the next 2 years[1] is no different. But the expectations of these new services are unprecedented, in part for how they will uniquely operate with both intelligence and agency, how they will act on our behalf, integrated as a member of our teams and as a part of our everyday lives. The businesses already achieving the greatest impact from agents are what we call Frontier Organizations. This week at Microsoft Ignite we’re showcasing what the best frontier organizations are delivering, for their employees, for their customers and for their markets. And we’re introducing an incredible slate of innovative services and tools that will help every organization achieve this same frontier transformation. What excites me most is how frontier organizations are applying AI to achieve their greatest level of creativity and problem solving. Beyond incremental increases in efficiency or cost savings, frontier firms use AI to accelerate the pace of innovation, shortening the gap from prototype to production, and continuously refining services to drive market fit. Frontier organizations aren’t just moving faster, they are using AI and agents to operate in novel ways, redefining traditional business processes, evolving traditional roles and using agent fleets to augment and expand their workforce. To do this they build with intent, build for impact and ground services in deep, continuously evolving, context of you, your organization and your market that makes every service, every interaction, hyper personalized, relevant and engaging. Today we’re announcing new capabilities that help you build what was previously impossible. To launch and scale fleets of agents in an open system across models, tools, and knowledge. And to run and operate agents with the confidence that every service is secure, governed and trusted. The question is, how do you get there? How do you build the AI apps and agents fueling the future? Read further for just a few highlights of how Microsoft can help you become frontier: Build with agentic DevOps Perhaps the greatest area of agentic innovation today is in service of developers. Microsoft’s strategy for agentic DevOps is redefining the developer experience to be AI-native, extending the power of AI to every stage of the software lifecycle and integrating AI services into the tools embraced by millions of developers. At Ignite, we’re helping every developer build faster, build with greater quality and security and deliver increasingly innovative apps that will shape their businesses. Across our developer services, AI agents now operate like an active member of your development and operations teams – collaborating, automating, and accelerating every phase of the software development lifecycle. From planning and coding to deployment and production, agents are reshaping how we build. And developers can now orchestrate fleets of agents, assigning tasks to agents to execute code reviews, testing, defect resolution, and even modernization of legacy Java and .NET applications. We continue to take this strategy forward with a new generation of AI-powered tools, with GitHub Agent HQ making coding agents like Codex, Claude Code, and Jules available soon directly in GitHub and Visual Studio Code, to Custom Agents to encode domain expertise, and “bring your own models” to empower teams to adapt and innovate. It’s these advancements that make GitHub Copilot, the world’s the most popular AI pair programmer, serving over 26 million users and helping organizations like Pantone, Ahold Delhaize USA, and Commerzbank streamline processes and save time. Within Microsoft’s own developer teams, we’re seeing transformative results with agentic DevOps. GitHub Copilot coding agent is now a top contributor—not only to GitHub’s core application but also to our major open-source projects like the Microsoft Agent Framework and Aspire. Copilot is reducing task completion time from hours to minutes and eliminating up to two weeks of manual development effort for complex work. Across Microsoft, 90% of pull requests are now covered by GitHub Copilot code review, increasing the pace of PR completion. Our AI-powered assistant for Microsoft’s engineering ecosystem is deeply integrated into VS Code, Teams, and other tools, giving engineers and product managers real-time, context-aware answers where they work—saving 2.2k developer days in September alone. For app modernization, GitHub Copilot has reduced modernization project timelines by as much as 88%. In production environments, Azure SRE agent has handled over 7K incidents and collected diagnostics on over 18K incidents, saving over 10,000 hours for on-call engineers. These results underscore how agentic workflows are redefining speed, scale, and reliability across the software lifecycle at Microsoft. Launch at speed and scale with a full-stack AI app and agent platform We’re making it easier to build, run, and scale AI agents that deliver real business outcomes. To accelerate the path to production for advanced AI applications and agents is delivering a complete, and flexible foundation that helps every organization move with speed and intelligence without compromising security, governance or operations. Microsoft Foundry helps organizations move from experimentation to execution at scale, providing the organization-wide observability and control that production AI requires. More than 80,000 customers, including 80% of the Fortune 500, use Microsoft Foundry to build, optimize, and govern AI apps and agents today. Foundry supports open frameworks like the Microsoft Agent Framework for orchestration, standard protocols like Model Context Protocol (MCP) for tool calling, and expansive integrations that enable context-aware, action-oriented agents. Companies like Nasdaq, Softbank, Sierra AI, and Blue Yonder are shipping innovative solutions with speed and precision. New at Ignite this year: Foundry Models With more than 11,000 models like OpenAI’s GPT-5, Anthropic’s Claude, and Microsoft’s Phi at their fingertips, developers, Foundry delivers the broadest model selection on any cloud. Developers have the power to benchmark, compare, and dynamically route models to optimize performance for every task. Model router is now generally available in Microsoft Foundry and in public preview in Foundry Agent Service. Foundry IQ, Delivering the deep context needed to make every agent grounded, productive, and reliable. Foundry IQ, now available in public preview, reimagines retrieval-augmented generation (RAG) as a dynamic reasoning process rather than a one-time lookup. Powered by Azure AI Search, it centralizes RAG workflows into a single grounding API, simplifying orchestration and improving response quality while respecting user permissions and data classifications. Foundry Agent Service now offers Hosted Agents, multi-agent workflows, built-in memory, and the ability to deploy agents directly to Microsoft 365 and Agent 365 in public preview. Foundry Tools, empowers developers to create agents with secure, real-time access to business systems, business logic, and multimodal capabilities. Developers can quickly enrich agents with real-time business context, multimodal capabilities, and custom business logic through secure, governed integration with 1,400+ systems and APIs. Foundry Control Plane, now in public preview, centralizes identity, policy, observability, and security signals and capabilities for AI developers in one portal. Build on an AI-Ready foundation for all applications Managed Instance on Azure App Service lets organizations migrate existing .NET web applications to the cloud without the cost or effort of rewriting code, allowing them to migrate directly into a fully managed platform-as-a-service (PaaS) environment. With Managed Instance, organizations can keep operating applications with critical dependencies on local Windows services, third-party vendor libraries, and custom runtimes without requiring any code changes. The result is faster modernizations with lower overhead, and access to cloud-native scalability, built-in security and Azure’s AI capabilities. MCP Governance with Azure API Management now delivers a unified control plane for APIs and MCP servers, enabling enterprises to extend their existing API investments directly into the agentic ecosystem with trusted governance, secure access, and full observability. Agent Loop and native AI integrations in Azure Logic Apps enable customers to move beyond rigid workflows to intelligent, adaptive automation that saves time and reduces complexity. These capabilities make it easier to build AI-powered, context-aware applications using low-code tools, accelerating innovation without heavy development effort. Azure Functions now supports hosting production-ready, reliable AI agents with stateful sessions, durable tool calls, and deterministic multi-agent orchestrations through the durable extension for Microsoft Agent Framework. Developers gain automatic session management, built-in HTTP endpoints, and elastic scaling from zero to thousands of instances — all with pay-per-use pricing and automated infrastructure. Azure Container Apps agents and security supercharges agentic workloads with automated deployment of multi-container agents, on-demand dynamic execution environments, and built-in security for runtime protection, and data confidentiality. Run and operate agents with confidence New at Ignite, we’re also expanding the use of agents to keep every application secure, managed and operating without compromise. Expanded agentic capabilities protect applications from code to cloud and continuously monitor and remediate production issues, while minimizing the efforts on developers, operators and security teams. Microsoft Defender for Cloud and GitHub Advanced Security: With the rise of multi-agent systems, the security threat surface continues to expand. Increased alert volumes, unprioritized threat signals, unresolved threats and a growing backlog of vulnerabilities is increasing risk for businesses while security teams and developers often operate in disconnected tools, making collaboration and remediation even more challenging. The new Defender for Cloud and GitHub Advanced Security integration closes this gap, connecting runtime context to code for faster alert prioritization and AI-powered remediation. Runtime context prioritizes security risks with insights that allow teams to focus on what matters most and fix issues faster with AI-powered remediation. When Defender for Cloud finds a threat exposed in production, it can now link to the exact code in GitHub. Developers receive AI suggested fixes directly inside GitHub, while security teams track progress in Defender for Cloud in real time. This gives both sides a faster, more connected way to identify issues, drive remediation, and keep AI systems secure throughout the app lifecycle. Azure SRE Agent is an always-on, AI-powered partner for cloud reliability, enabling production environments to become self-healing, proactively resolve issues, and optimize performance. Seamlessly integrated with Azure Monitor, GitHub Copilot, and incident management tools, Azure SRE Agent reduces operational toil. The latest update introduces no-code automation, empowering teams to tailor processes to their unique environments with minimal engineering overhead. Event-driven triggers enable proactive checks and faster incident response, helping minimize downtime. Expanded observability across Azure and third-party sources is designed to help teams troubleshoot production issues more efficiently, while orchestration capabilities support integration with MCP-compatible tools for comprehensive process automation. Finally, its adaptive memory system is designed to learn from interactions, helping improve incident handling and reduce operational toil, so organizations can achieve greater reliability and cost efficiency. The future is yours to build We are living in an extraordinary time, and across Microsoft we’re focused on helping every organization shape their future with AI. Today’s announcements are a big step forward on this journey. Whether you’re a startup fostering the next great concept or a global enterprise shaping your future, we can help you deliver on this vision. The frontier is open. Let’s build beyond expectations and build the future! Check out all the learning at Microsoft Ignite on-demand and read more about the announcements making it happen at: Recommended sessions BRK113: Connected, managed, and complete BRK103: Modernize your apps in days, not months, with GitHub Copilot BRK110: Build AI Apps fast with GitHub and Microsoft Foundry in action BRK100: Best practices to modernize your apps and databases at scale BRK114: AI Agent architectures, pitfalls and real-world business impact BRK115: Inside Microsoft's AI transformation across the software lifecycle Announcements aka.ms/AgentFactory aka.ms/AppModernizationBlog aka.ms/SecureCodetoCloudBlog aka.ms/AppPlatformBlog [1] IDC Info Snapshot, sponsored by Microsoft, 1.3 Billion AI Agents by 2028, #US53361825 and May 2025.Introducing Preview of Async Scaling for App Service Plans
Have you ever attempted to deploy or scale out an App Service Plan and received a 429 response that “Not enough available reserved instance servers to satisfy this request. Currently n instances are available. If you are changing instance size you can reserve up to n instances at this moment. If you are increasing instance count then you can add extra n instances at this moment. Please get available machines and retry later.”? If so, then we have a new capability within App Service which is going to help to address this and give customers a consistent experience. I’m excited to introduce the preview of the ability to create and scale App Service Plans asynchronously, meaning you can request the eventual number of instances you wish for your plan to scale out to and the platform will take care of ensuring that those instances are made available to your plan without you have to modify and reissue your requests to get to your goal. Scenario: You are creating a new App Service Plan and you know you would like that plan to have 15 instances. Current default behavior: With the current default behavior you may see your request fail and be told only 6 are available. Then you would have to modify your request to ask for 6 instances, then scale out repeatedly, with small increments whilst the platform makes more instances available, until you reach the target 15 instances. New Preview Functionality: With the new functionality you can create your new App Service Plan and request 15 instances and the platform will take care of retrying to provision the full 15 on your behalf. Initially your plan may be created with just six instances but then platform will seek to add the others on your behalf. Create App Service Plan example: Let’s take a look at how this behaves in CLI az group create -n <resourceGroupName> -l <location> az appservice plan create -g <resourceGroupName> -n <appServicePlanName> --number-of-workers <number of instances you need> --sku <App Service Plan Sku, for example P1v3> --async-scaling-enabled true --location <location> Then you will see the similar output to below: az appservice plan create -g asyncasp -n asyncasplinuxexample --number-of-workers 25 --sku p1v3 --async-scaling-enabled true --location northeurope --is-linux Starting to scale App Service plan asyncasplinuxexample... Status: InProgress — Scaled to 1 workers of pricing tier P1v3. Status: InProgress — Scaled to 13 workers of pricing tier P1v3. Status: InProgress — Scaled to 19 workers of pricing tier P1v3. Status: InProgress — Scaled to 20 workers of pricing tier P1v3. Successfully scaled to 25 workers in pricing tier P1v3. Can I use this functionality for scaling out? Yes, you can use this functionality for scaling App Service Plans too! The CLI command example is as follows: az appservice plan update -g <resourceGroupName> -n <App Service Plan Name> --async-scaling-enabled true --number-of-workers <number of workers to scale out to> Summary This new functionality is available today for both Windows and Linux plans, and across all SKUs apart from free and shared. You can take advantage of this capability via ARM/CLI when creating or scaling App Service Plans. Support for configuring Asynchronous Scaling for App Service Plans in the Azure Portal is rolling out globally.
What's New in Azure App Service at #MSIgnite 2025
Azure App Service introduces a new approach to accelerate application migration and modernization at Microsoft Ignite 2025. Known as Managed Instance on Azure App Service, it enables seamless modernization of classic web apps to the cloud with minimal code changes, especially for apps with custom Windows dependencies. Other major updates include enhanced Aspire support for .NET developers on Azure App Service for Linux, new AI integration features, expanded language/runtime support, and improvements in scaling, networking, and developer experience.Reimagining AI Ops with Azure SRE Agent: New Automation, Integration, and Extensibility features
Azure SRE Agent offers intelligent and context aware automation for IT operations. Enhanced by customer feedback from our preview, the SRE Agent has evolved into an extensible platform to automate and manage tasks across Azure and other environments. Built on an Agentic DevOps approach - drawing from proven practices in internal Azure operations - the Azure SRE Agent has already saved over 20,000 engineering hours across Microsoft product teams operations, delivering strong ROI for teams seeking sustainable AIOps. An Operations Agent that adapts to your playbooks Azure SRE Agent is an AI powered operations automation platform that empowers SREs, DevOps, IT operations, and support teams to automate tasks such as incident response, customer support, and developer operations from a single, extensible agent. Its value proposition and capabilities have evolved beyond diagnosis and mitigation of Azure issues, to automating operational workflows and seamless integration with the standards and processes used in your organization. SRE Agent is designed to automate operational work and reduce toil, enabling developers and operators to focus on high-value tasks. By streamlining repetitive and complex processes, SRE Agent accelerates innovation and improves reliability across cloud and hybrid environments. In this article, we will look at what’s new and what has changed since the last update. What’s New: Automation, Integration, and Extensibility Azure SRE Agent just got a major upgrade. From no-code automation to seamless integrations and expanded data connectivity, here’s what’s new in this release: No-code Sub-Agent Builder: Rapidly create custom automations without writing code. Flexible, event-driven triggers: Instantly respond to incidents and operational changes. Expanded data connectivity: Unify diagnostics and troubleshooting across more data sources. Custom actions: Integrate with your existing tools and orchestrate end-to-end workflows via MCP. Prebuilt operational scenarios: Accelerate deployment and improve reliability out of the box. Unlike generic agent platforms, Azure SRE Agent comes with deep integrations, prebuilt tools, and frameworks specifically for IT, DevOps, and SRE workflows. This means you can automate complex operational tasks faster and more reliably, tailored to your organization’s needs. Sub-Agent Builder: Custom Automation, No Code Required Empower teams to automate repetitive operational tasks without coding expertise, dramatically reducing manual workload and development cycles. This feature helps address the need for targeted automation, letting teams solve specific operational pain points without relying on one-size-fits-all solutions. Modular Sub-Agents: Easily create custom sub-agents tailored to your team’s needs. Each sub-agent can have its own instructions, triggers, and toolsets, letting you automate everything from outage response to customer email triage. Prebuilt System Tools: Eliminate the inefficiency of creating basic automation from scratch, and choose from a rich library of hundreds of built-in tools for Azure operations, code analysis, deployment management, diagnostics, and more. Custom Logic: Align automation to your unique business processes by defining your automation logic and prompts, teaching the agent to act exactly as your workflow requires. Flexible Triggers: Automate on Your Terms Invoke the agent to respond automatically to mission-critical events, not wait for manual commands. This feature helps speed up incident response and eliminate missed opportunities for efficiency. Multi-Source Triggers: Go beyond chat-based interactions, and trigger the agent to automatically respond to Incident Management and Ticketing systems like PagerDuty and ServiceNow, Observability Alerting systems like Azure Monitor Alerts, or even on a cron-based schedule for proactive monitoring and best-practices checks. Additional trigger sources such as GitHub issues, Azure DevOps pipelines, email, etc. will be added over time. This means automation can start exactly when and where you need it. Event-Driven Operations: Integrate with your CI/CD, monitoring, or support systems to launch automations in response to real-world events - like deployments, incidents, or customer requests. Vital for reducing downtime, it ensures that business-critical actions happen automatically and promptly. Expanded Data Connectivity: Unified Observability and Troubleshooting Integrate data, enabling comprehensive diagnostics and troubleshooting and faster, more informed decision-making by eliminating silos and speeding up issue resolution. Multiple Data Sources: The agent can now read data from Azure Monitor, Log Analytics, and Application Insights based on its Azure role-based access control (RBAC). Additional observability data sources such as Dynatrace, New Relic, Datadog, and more can be added via the Remote Model Context Protocol (MCP) servers for these tools. This gives you a unified view for diagnostics and automation. Knowledge Integration: Rather than manually detailing every instruction in your prompt, you can upload your Troubleshooting Guide (TSG) or Runbook directly, allowing the agent to automatically create an execution plan from the file. You may also connect the agent to resources like SharePoint, Jira, or documentation repositories through Remote MCP servers, enabling it to retrieve needed files on its own. This approach utilizes your organization’s existing knowledge base, streamlining onboarding and enhancing consistency in managing incidents. Azure SRE Agent is also building multi-agent collaboration by integrating with PagerDuty and Neubird, enabling advanced, cross-platform incident management and reliability across diverse environments. Custom Actions: Automate Anything, Anywhere Extend automation beyond Azure and integrate with any tool or workflow, solving the problem of limited automation scope and enabling end-to-end process orchestration. Out-of-the-Box Actions: Instantly automate common tasks like running azcli, kubectl, creating GitHub issues, or updating Azure resources, reducing setup time and operational overhead. Communication Notifications: The SRE Agent now features built-in connectors for Outlook, enabling automated email notifications, and for Microsoft Teams, allowing it to post messages directly to Teams channels for streamlined communication. Bring Your Own Actions: Drop in your own Remote MCP servers to extend the agent’s capabilities to any custom tool or workflow. Future-proof your agentic DevOps by automating proprietary or emerging processes with confidence. Prebuilt Operations Scenarios Address common operational challenges out of the box, saving teams time and effort while improving reliability and customer satisfaction. Incident Response: Minimize business impact and reduce operational risk by automating detection, diagnosis, and mitigation of your workload stack. The agent has built-in runbooks for common issues related to many Azure resource types including Azure Kubernetes Service (AKS), Azure Container Apps (ACA), Azure App Service, Azure Logic Apps, Azure Database for PostgreSQL, Azure CosmosDB, Azure VMs, etc. Support for additional resource types is being added continually, please see product documentation for the latest information. Root Cause Analysis & IaC Drift Detection: Instantly pinpoint incident causes with AI-driven root cause analysis including automated source code scanning via GitHub and Azure DevOps integration. Proactively detect and resolve infrastructure drift by comparing live cloud environments against source-controlled IaC, ensuring configuration consistency and compliance. Handle Complex Investigations: Enable the deep investigation mode that uses a hypothesis-driven method to analyze possible root causes. It collects logs and metrics, tests hypotheses with iterative checks, and documents findings. The process delivers a clear summary and actionable steps to help teams accurately resolve critical issues. Incident Analysis: The integrated dashboard offers a comprehensive overview of all incidents managed by the SRE Agent. It presents essential metrics, including the number of incidents reviewed, assisted, and mitigated by the agent, as well as those awaiting human intervention. Users can leverage aggregated visualizations and AI-generated root cause analyses to gain insights into incident processing, identify trends, enhance response strategies, and detect areas for improvement in incident management. Inbuilt Agent Memory: The new SRE Agent Memory System transforms incident response by institutionalizing the expertise of top SREs - capturing, indexing, and reusing critical knowledge from past incidents, investigations, and user guidance. Benefit from faster, more accurate troubleshooting, as the agent learns from both successes and mistakes, surfacing relevant insights, runbooks, and mitigation strategies exactly when needed. This system leverages advanced retrieval techniques and a domain-aware schema to ensure every on-call engagement is smarter than the last, reducing mean time to resolution (MTTR) and minimizing repeated toil. Automatically gain a continuously improving agent that remembers what works, avoids past pitfalls, and delivers actionable guidance tailored to the environment. GitHub Copilot and Azure DevOps Integration: Automatically triage, respond to, and resolve issues raised in GitHub or Azure DevOps. Integration with modern development platforms such as GitHub Copilot coding agent increases efficiency and ensures that issues are resolved faster, reducing bottlenecks in the development lifecycle. Ready to get started? Azure SRE Agent home page Product overview Pricing Page Pricing Calculator Pricing Blog Demo recordings Deployment samples What’s Next? Give us feedback: Your feedback is critical - You can Thumbs Up / Thumbs Down each interaction or thread, or go to the “Give Feedback” button in the agent to give us in-product feedback - or you can create issues or just share your thoughts in our GitHub repo at https://github.com/microsoft/sre-agent. We’re just getting started. In the coming months, expect even more prebuilt integrations, expanded data sources, and new automation scenarios. We anticipate continuous growth and improvement throughout our agentic AI platforms and services to effectively address customer needs and preferences. Let us know what Ops toil you want to automate next!
