Announcing Public Preview of Managed Instance on Azure App Service
Today at Ignite 2025, we announced the Public Preview of a fantastic new capability which will enable customers to move applications to Azure App Service faster, and with minimal, if any, code changes! Azure App Service is a fully managed PaaS platform for hosting web applications, APIs, and mobile backends, enabling customers to deploy and scale applications securely without managing infrastructure. Azure App Service offers built-in compliance, identity and DevOps integration, making it ideal for cloud-native and modernization scenarios where agility, scalability, and operational efficiency are critical. Managed Instance on App Service builds on and extends these capabilities to solve many of the challenges customers have with migration and modernizing legacy and complex enterprise applications. Challenges with Migration and Modernization We have been listening intently to our customers and working on solutions to address their needs when migrating and modernizing applications, particularly .NET Framework applications, to Azure and specifically Azure App Service. Customers face clear challenges when migrating and modernizing applications Application Dependencies – Many apps rely on components that can’t easily migrate to App Service, such as libraries installed on the web worker, GAC entries, Windows Services, or OS-level features. Configuration Systems – Some apps heavily depend on reading/writing settings in the Windows Registry. File I/O – Legacy apps often require local disk access or network storage via mapped drives. Reduced Access & Tooling – Migration limits direct infrastructure access and familiar troubleshooting tools. Lengthy Migration & ROI Challenges – Complex code changes, testing, and issue resolution can make projects take months, delaying return on investment. How Managed Instance on Azure App Service addresses these challenges Managed Instance on Azure App Service addresses these challenges by providing a host of new functionality: - Configuration scripts – Provide a zip file containing all your dependencies with an accompanying PowerShell script to install and configure your dependencies. Store this in Azure Storage and securely access and retrieve using Managed Identity. - Registry adapters – Write to the App Service Plan instance’s windows registry, providing values using secrets stored and secured in Key Vault using Managed Identity. - Storage mounts – Map Azure Files, SMB File shares in your network and local temporary storage volumes using drive letter or drive letter and folder mappings, any credentials or storage connection strings are securely retrieved via Managed Identity from Key Vault secrets. - RDP to instances using Azure Bastion – for the first time ever, open a remote desktop session directly to your App Service Plan instances securely using Azure Bastion and use tools you’re familiar with such as IIS Manager, Event Viewer and Windows Feature MMC Snap-in tools. - Shortens time to migrate and modernize – Reduces the amount of cases where code changes might be needed in order to successfully migrate and modernize, shortening the time and cost to realize return on investment moving to the cloud. All of these features expand on top of the already rich set of capabilities within Azure App Service which enable rapid scale, network integration and security, combined with the new Premium v4 (Announcing General Availability of Premium v4 for Azure App Service | Microsoft Community Hub) series of pricing plans offering enhanced performance, scalability and cost efficiency. Key Scenarios: Technical and Business Perspectives 1. Lift-and-Improve Legacy Applications Technical: Migrate legacy .NET apps with hardcoded file paths, COM dependencies, or registry access—no major code rewrites required. Install custom components directly on the managed instance. Business: Accelerate cloud adoption, reduce migration friction, and preserve business continuity by avoiding costly re-platforming projects. Realize Azure App Service benefits (scaling, patching, high availability) with minimal disruption. 2. Re-platforming Hard-to-Modernize Apps Technical: Move applications with unavailable or hard-to-modify source code, or those tightly coupled to infrastructure (e.g., SMTP servers, MSMQ, legacy middleware). Managed Instance removes blockers by supporting custom installers and advanced networking. Business: Unlock value from legacy systems, extend their useful life, and enable phased modernization. Reduce risk and cost by avoiding “big bang” transformations. 3. Hybrid and Regulated Workloads Technical: Integrate securely with on-premises resources using VNETs and private endpoints. Enforce data residency and access controls with Bring Your Own Storage and Managed Identity. Business: Meet compliance and regulatory requirements for industries like finance, healthcare, and government. Streamline audits and reduce operational overhead for sensitive workloads. 4. Incremental Modernization Technical: Start with “lift-and-shift,” then incrementally adopt PaaS features—DevOps automation, dynamic scaling, centralized configuration—at your own pace. Business: Future-proof your application portfolio, drive ongoing innovation, and maximize ROI by continuously improving applications without major disruptions. Next Steps We’re delighted to be able to announce Managed Instance on Azure App Service and are eager to see it speed up and solve problems in your modernization journey. Moving your workloads to Managed Instance on Azure App Service open up new opportunities for you to add business value and securely integrate with other Azure services. Get started with Managed Instance on Azure App Service with our documentation and check out our Technical Deep Dive on Managed Instance on Azure App Service at Ignite 2025Reimagining AI Ops with Azure SRE Agent: New Automation, Integration, and Extensibility features
Azure SRE Agent offers intelligent and context aware automation for IT operations. Enhanced by customer feedback from our preview, the SRE Agent has evolved into an extensible platform to automate and manage tasks across Azure and other environments. Built on an Agentic DevOps approach - drawing from proven practices in internal Azure operations - the Azure SRE Agent has already saved over 20,000 engineering hours across Microsoft product teams operations, delivering strong ROI for teams seeking sustainable AIOps. An Operations Agent that adapts to your playbooks Azure SRE Agent is an AI powered operations automation platform that empowers SREs, DevOps, IT operations, and support teams to automate tasks such as incident response, customer support, and developer operations from a single, extensible agent. Its value proposition and capabilities have evolved beyond diagnosis and mitigation of Azure issues, to automating operational workflows and seamless integration with the standards and processes used in your organization. SRE Agent is designed to automate operational work and reduce toil, enabling developers and operators to focus on high-value tasks. By streamlining repetitive and complex processes, SRE Agent accelerates innovation and improves reliability across cloud and hybrid environments. In this article, we will look at what’s new and what has changed since the last update. What’s New: Automation, Integration, and Extensibility Azure SRE Agent just got a major upgrade. From no-code automation to seamless integrations and expanded data connectivity, here’s what’s new in this release: No-code Sub-Agent Builder: Rapidly create custom automations without writing code. Flexible, event-driven triggers: Instantly respond to incidents and operational changes. Expanded data connectivity: Unify diagnostics and troubleshooting across more data sources. Custom actions: Integrate with your existing tools and orchestrate end-to-end workflows via MCP. Prebuilt operational scenarios: Accelerate deployment and improve reliability out of the box. Unlike generic agent platforms, Azure SRE Agent comes with deep integrations, prebuilt tools, and frameworks specifically for IT, DevOps, and SRE workflows. This means you can automate complex operational tasks faster and more reliably, tailored to your organization’s needs. Sub-Agent Builder: Custom Automation, No Code Required Empower teams to automate repetitive operational tasks without coding expertise, dramatically reducing manual workload and development cycles. This feature helps address the need for targeted automation, letting teams solve specific operational pain points without relying on one-size-fits-all solutions. Modular Sub-Agents: Easily create custom sub-agents tailored to your team’s needs. Each sub-agent can have its own instructions, triggers, and toolsets, letting you automate everything from outage response to customer email triage. Prebuilt System Tools: Eliminate the inefficiency of creating basic automation from scratch, and choose from a rich library of hundreds of built-in tools for Azure operations, code analysis, deployment management, diagnostics, and more. Custom Logic: Align automation to your unique business processes by defining your automation logic and prompts, teaching the agent to act exactly as your workflow requires. Flexible Triggers: Automate on Your Terms Invoke the agent to respond automatically to mission-critical events, not wait for manual commands. This feature helps speed up incident response and eliminate missed opportunities for efficiency. Multi-Source Triggers: Go beyond chat-based interactions, and trigger the agent to automatically respond to Incident Management and Ticketing systems like PagerDuty and ServiceNow, Observability Alerting systems like Azure Monitor Alerts, or even on a cron-based schedule for proactive monitoring and best-practices checks. Additional trigger sources such as GitHub issues, Azure DevOps pipelines, email, etc. will be added over time. This means automation can start exactly when and where you need it. Event-Driven Operations: Integrate with your CI/CD, monitoring, or support systems to launch automations in response to real-world events - like deployments, incidents, or customer requests. Vital for reducing downtime, it ensures that business-critical actions happen automatically and promptly. Expanded Data Connectivity: Unified Observability and Troubleshooting Integrate data, enabling comprehensive diagnostics and troubleshooting and faster, more informed decision-making by eliminating silos and speeding up issue resolution. Multiple Data Sources: The agent can now read data from Azure Monitor, Log Analytics, and Application Insights based on its Azure role-based access control (RBAC). Additional observability data sources such as Dynatrace, New Relic, Datadog, and more can be added via the Remote Model Context Protocol (MCP) servers for these tools. This gives you a unified view for diagnostics and automation. Knowledge Integration: Rather than manually detailing every instruction in your prompt, you can upload your Troubleshooting Guide (TSG) or Runbook directly, allowing the agent to automatically create an execution plan from the file. You may also connect the agent to resources like SharePoint, Jira, or documentation repositories through Remote MCP servers, enabling it to retrieve needed files on its own. This approach utilizes your organization’s existing knowledge base, streamlining onboarding and enhancing consistency in managing incidents. Azure SRE Agent is also building multi-agent collaboration by integrating with PagerDuty and Neubird, enabling advanced, cross-platform incident management and reliability across diverse environments. Custom Actions: Automate Anything, Anywhere Extend automation beyond Azure and integrate with any tool or workflow, solving the problem of limited automation scope and enabling end-to-end process orchestration. Out-of-the-Box Actions: Instantly automate common tasks like running azcli, kubectl, creating GitHub issues, or updating Azure resources, reducing setup time and operational overhead. Communication Notifications: The SRE Agent now features built-in connectors for Outlook, enabling automated email notifications, and for Microsoft Teams, allowing it to post messages directly to Teams channels for streamlined communication. Bring Your Own Actions: Drop in your own Remote MCP servers to extend the agent’s capabilities to any custom tool or workflow. Future-proof your agentic DevOps by automating proprietary or emerging processes with confidence. Prebuilt Operations Scenarios Address common operational challenges out of the box, saving teams time and effort while improving reliability and customer satisfaction. Incident Response: Minimize business impact and reduce operational risk by automating detection, diagnosis, and mitigation of your workload stack. The agent has built-in runbooks for common issues related to many Azure resource types including Azure Kubernetes Service (AKS), Azure Container Apps (ACA), Azure App Service, Azure Logic Apps, Azure Database for PostgreSQL, Azure CosmosDB, Azure VMs, etc. Support for additional resource types is being added continually, please see product documentation for the latest information. Root Cause Analysis & IaC Drift Detection: Instantly pinpoint incident causes with AI-driven root cause analysis including automated source code scanning via GitHub and Azure DevOps integration. Proactively detect and resolve infrastructure drift by comparing live cloud environments against source-controlled IaC, ensuring configuration consistency and compliance. Handle Complex Investigations: Enable the deep investigation mode that uses a hypothesis-driven method to analyze possible root causes. It collects logs and metrics, tests hypotheses with iterative checks, and documents findings. The process delivers a clear summary and actionable steps to help teams accurately resolve critical issues. Incident Analysis: The integrated dashboard offers a comprehensive overview of all incidents managed by the SRE Agent. It presents essential metrics, including the number of incidents reviewed, assisted, and mitigated by the agent, as well as those awaiting human intervention. Users can leverage aggregated visualizations and AI-generated root cause analyses to gain insights into incident processing, identify trends, enhance response strategies, and detect areas for improvement in incident management. Inbuilt Agent Memory: The new SRE Agent Memory System transforms incident response by institutionalizing the expertise of top SREs - capturing, indexing, and reusing critical knowledge from past incidents, investigations, and user guidance. Benefit from faster, more accurate troubleshooting, as the agent learns from both successes and mistakes, surfacing relevant insights, runbooks, and mitigation strategies exactly when needed. This system leverages advanced retrieval techniques and a domain-aware schema to ensure every on-call engagement is smarter than the last, reducing mean time to resolution (MTTR) and minimizing repeated toil. Automatically gain a continuously improving agent that remembers what works, avoids past pitfalls, and delivers actionable guidance tailored to the environment. GitHub Copilot and Azure DevOps Integration: Automatically triage, respond to, and resolve issues raised in GitHub or Azure DevOps. Integration with modern development platforms such as GitHub Copilot coding agent increases efficiency and ensures that issues are resolved faster, reducing bottlenecks in the development lifecycle. Ready to get started? Azure SRE Agent home page Product overview Pricing Page Pricing Calculator Pricing Blog Demo recordings Deployment samples What’s Next? Give us feedback: Your feedback is critical - You can Thumbs Up / Thumbs Down each interaction or thread, or go to the “Give Feedback” button in the agent to give us in-product feedback - or you can create issues or just share your thoughts in our GitHub repo at https://github.com/microsoft/sre-agent. We’re just getting started. In the coming months, expect even more prebuilt integrations, expanded data sources, and new automation scenarios. We anticipate continuous growth and improvement throughout our agentic AI platforms and services to effectively address customer needs and preferences. Let us know what Ops toil you want to automate next!
Proactive Monitoring Made Simple with Azure SRE Agent
SRE teams strive for proactive operations, catching issues before they impact customers and reducing the chaos of incident response. While perfection may be elusive, the real goal is minimizing outages and gaining immediate line of sight into production environments. Today, that’s harder than ever. It requires correlating countless signals and alerts, understanding how they relate—or don’t relate—to each other, and assigning the right sense of urgency and impact. Anything that shortens this cycle, accelerates detection, and enables automated remediation is what modern SRE teams crave. What if you could skip the scripting and pipelines? What if you could simply describe what you want in plain language and let it run automatically on a schedule? Scheduled Tasks for Azure SRE Agent With Scheduled Tasks for Azure SRE Agent, that what-if scenario is now a reality. Scheduled tasks combine natural language prompts with Azure SRE Agent’s automation capabilities, so you can express intent, set a schedule, and let the agent do the rest—without writing a single line of code. This means: ⚡ Faster incident response through early detection ✅ Better compliance with automated checks 🎯 More time for high-value engineering work and innovation 💡 The shift from reactive to proactive: Instead of waiting for alerts to fire or customers to report issues, you’re continuously monitoring, validating, and catching problems before they escalate. How Scheduled Tasks Work Under the Hood When you create a Scheduled Task, the process is more than just running a prompt on a timer. Here’s what happens: 1. Prompt Interpretation and Plan Creation The SRE Agent takes your natural language prompt—such as “Scan all resources for security best practices”—and converts it into a structured execution plan. This plan defines the steps, tools, and data sources required to fulfill your request. 2. Built-In Tools and MCP Integration The agent uses its built-in capabilities (Azure CLI, Log Analytics workspace, Appinsights) and can also leverage 3 rd party data sources or tools via MCP server integration for extended functionality. 3. Results Analysis and Smart Summarization After execution, the agent analyzes results, identifies anomalies or issues, and provides actionable summaries not just raw data dumps. 4. Notification and Escalation Based on findings, the agent can: Post updates to Teams channels Create or update incidents Send email notifications Trigger follow-up actions Real-World Use Cases for Proactive Ops Here’s where scheduled tasks shine for SRE teams: Use Case Prompt Example Schedule Security Posture Check “Scan all subscriptions for resources with public endpoints and flag any that shouldn’t be exposed” Daily Cost Anomaly Detection “Compare this week’s spend against last week and alert if any service exceeds 20% growth” Weekly Compliance Drift Detection “Check all storage accounts for encryption settings and report any non-compliant resources” Daily Resource Health Summary “Summarize the health status of all production VMs and highlight any degraded instances” Every 4 hours Incident Trend Analysis “Analyze ICM incidents from the past week, identify patterns, and summarize top contributing services” Weekly Getting Started in 3 Steps Step 1: Define Your Intent Write a natural language prompt describing what you want to monitor or check. Be specific about: - What resources or scope - What conditions to look for - What action to take if issues are found Example: > “Every morning at 8 AM, check all production Kubernetes clusters for pods in CrashLoopBackOff state. If any are found, post a summary to the #sre-alerts Teams channel with cluster name, namespace, and pod details.” Step 2: Set Your Schedule Choose how often the task should run: - Cron expressions for precise control - Simple intervals (hourly, daily, weekly) Step 3: Define Where to Receive Updates Include in your prompt where you want results delivered when the task finishes execution. The agent can use its built-in tools and connectors to: - Post summaries to a Teams channel - Send email notifications - Create or update ICM incidents Example prompt with notification: > "Check all production databases for long-running queries over 30 seconds. If any are found, post a summary to the #database-alerts Teams channel." Why This Matters for Proactive Operations Traditional monitoring approaches have limitations: Traditional Approach With Scheduled Tasks Write scripts, maintain pipelines Describe in plain language Static thresholds and rules Contextual, AI-powered analysis Alert fatigue from noisy signals Smart summarization of what matters Separate tools for check vs. action Unified detection and response Requires dedicated DevOps effort Any SRE can create and modify The result? Your team spends less time building and maintaining monitoring infrastructure and more time on the work that truly requires human expertise. Best Practices for Scheduled Tasks Start simple, iterate — Begin with one or two high-value checks and expand as you gain confidence Be specific in prompts — The more context you provide, the better the results Set appropriate frequencies — Not everything needs to run hourly; match the schedule to the risk Review and refine — Check task results periodically and adjust prompts for better accuracy What’s Next? Scheduled tasks are just the beginning. We’re continuing to invest in capabilities that help SRE teams shift left—catching issues earlier, automating routine checks, and freeing up time for strategic work. Ready to Start? Use this sample that shows how to create a scheduled health check sub-agent: https://github.com/microsoft/sre-agent/blob/main/samples/automation/samples/02-scheduled-health-check-sample.md This example demonstrates: - Building a HealthCheckAgent using built-in tools like Azure CLI and Log Analytics Workspace - Scheduling daily health checks for a container app at 7 AM - Sending email alerts when anomalies are detected 🔗 Explore more samples here: https://github.com/microsoft/sre-agent/tree/main/samples More to Learn Ignite 2025 announcements: https://aka.ms/ignite25/blog/sreagent Documentation: https://aka.ms/sreagent/docs Support & Feature Requests: https://github.com/microsoft/sre-agent/issuesDeploying a Bun + Hono + Vite app to Azure App Service
TOC Introduction Local Environment Deployment Conclusion 1. Introduction Anthropic, the company behind Claude, recently acquired the JavaScript runtime startup Bun, marking one of the most significant shifts in the modern JavaScript ecosystem since the arrival of Node.js and Deno. This acquisition signals more than a business move, it represents a strategic consolidation of performance-oriented tooling, developer ergonomics, and the future of AI-accelerated software development. At the center of this momentum lies a powerful trio: Bun, Hono, and Vite. Bun is a next-generation JavaScript runtime that reimagines everything from dependency installation to HTTP servers, bundling, and execution speed. On top of Bun, frameworks like Hono provide an elegant, lightweight approach to building APIs and full web applications. Hono embraces the Web Standard API model while optimizing for speed and minimal footprint. For front-end development, Vite completes the trio. Vite provides lightning-fast local development through native ES modules and an optimized build pipeline. When paired with Bun, the developer experience becomes even smoother, as Bun accelerates not only the dev server but also the entire build process. The result is a full-stack workflow where front-end and back-end both benefit from a consistent, high-performance environment. This article will guide you through deploying a Bun + Hono + Vite application to an Azure Linux Web App. 2. Local Environment The development environment used in this example is a Docker container. All project creation, modification, and testing will take place inside this environment. We will build an application using Bun + Hono + Vite, containing three endpoints: / : The root endpoint, which displays Hello Bun Hono Vite /api/hello : A static endpoint /api/backend : A runtime endpoint executed on the server, returning computed results for the frontend to display Create the Docker development environment This command generates a Bun + Hono + Vite project. docker run --rm -it -v "$PWD":/app -w /app oven/bun:latest bunx create-vite . --template vanilla-ts Follow the prompts as shown in the image and make the appropriate selections. After completing the prompts, the corresponding project files will be created. At this point, you may press Ctrl + C to stop the running Bun server. Next, install Hono: docker run --rm -it -v "$PWD":/app -w /app oven/bun:latest bun add hono Create 4 files and edit 2 files Create .vscode/settings.json This file serves two purposes: To prevent the large node_modules folder from being uploaded during deployment. Uploading it wastes bandwidth and may cause compatibility issues between local and production environments. To disable ORYX BUILD from interfering in the deployment process. We will use a custom startup script to handle all build tasks instead. { "appService.zipIgnorePattern": [ "node_modules{,/**}", ".git{,/**}", ".vscode{,/**}" ], "appService.showBuildDuringDeployPrompt": false } Create vite.config.ts This file configures Vite’s base path to use relative paths instead of absolute paths. Although this does not affect the production environment, it is essential locally when URLs and ports may differ. import { defineConfig } from 'vite'; export default defineConfig({ base: './', }); Create server.ts This file configures backend routing using Hono and sets up the Bun server. It includes several test endpoints, some static, and some executed at runtime. import { Hono } from 'hono'; import { serveStatic } from 'hono/bun'; const app = new Hono(); app.get('/api/hello', (c) => { return c.text('this is api/hello'); }); app.get('/api/backend', (c) => { const result = 1 + 1; return c.json({ message: "this is /api/backend", calc: `1 + 1 = ${result}`, value: result, }); }); app.use('/assets/*', serveStatic({ root: './dist' })); app.use('/*', serveStatic({ root: './dist' })); app.get('/', serveStatic({ path: './dist/index.html' })); const port = Number(process.env.PORT ?? 3000); export default { port, fetch: app.fetch, }; Create startup.sh This script serves several important roles: Remove any node_modules folders or tar archives created by ORYX during deployment Install the Bun runtime Fully take over the ORYX build process Start the Bun server as the final step #!/bin/bash set -e echo "===== Startup script running =====" cd /home/site/wwwroot echo "Cleaning up Oryx-generated node_modules..." if [ -d /node_modules ]; then echo "Removing /node_modules ..." rm -rf /node_modules fi if [ -f node_modules.tar.gz ]; then echo "Removing node_modules.tar.gz ..." rm -f node_modules.tar.gz fi echo "Oryx cleanup complete." export BUN_INSTALL=/home/site/wwwroot/.bun export PATH="$BUN_INSTALL/bin:/home/site/wwwroot/node_modules/.bin:$PATH" export NODE_PATH="/home/site/wwwroot/node_modules" if [ ! -f "$BUN_INSTALL/bin/bun" ]; then echo "Bun not found. Installing..." curl -fsSL https://bun.sh/install | bash else echo "Bun already installed at $BUN_INSTALL" fi echo "Using Bun version:" bun --version echo "Running bun install ..." bun install echo "Running bun run build ..." bun run build echo "Starting server with bun run start ..." bun run start Modify src/main.ts Simplify the default welcome page so it only displays our test text. // src/main.ts document.querySelector<HTMLDivElement>('#app')!.innerHTML = ` <h1>Hello Bun Hono Vite</h1> `; Modify package.json Update the scripts section so that the project uses the newly created server.ts as the server entry point. { "name": "app", "private": true, "version": "0.0.0", "type": "module", "scripts": { "dev:vite": "vite", "build": "vite build", "preview": "vite preview", "start": "bun server.ts" }, "devDependencies": { "typescript": "~5.9.3", "vite": "^7.2.4" }, "dependencies": { "hono": "^4.10.7" } } Build the project locally This command generates a dist directory containing all Vite-built static assets. docker run --rm -it -v "$PWD":/app -w /app oven/bun:latest bun run build Run the server locally for testing docker run --rm -it -v "$PWD":/app -w /app -p 3000:3000 -e PORT=3000 oven/bun:latest bun run start You can press Ctrl + C to stop the server when finished. http://127.0.0.1:3000/ http://127.0.0.1:3000/api/hello http://127.0.0.1:3000/api/backend 3. Deployment We create a Linux Web App with a minimum SKU of Premium. Add Environment Variables SCM_DO_BUILD_DURING_DEPLOYMENT=false Purpose: Prevents the deployment environment from packaging during publish. This must also be set in the deployment environment itself. WEBSITE_RUN_FROM_PACKAGE=false Purpose: Instructs Azure Web App not to run the app from a prepackaged file. ENABLE_ORYX_BUILD=false Purpose: Prevents Azure Web App from building after deployment. All build tasks will instead execute during the startup script. Add Startup Command bash /home/site/wwwroot/startup.sh After that, we can return to VS Code and deploy the project. Once the deployment is complete, wait about five minutes for the build process to finish, and then you can begin testing. / /api/hello /api/backend 4. Conclusion Bun + Hono + Vite form a cohesive ecosystem that embodies the next era of JavaScript development: fast, compact, ergonomic, and deeply aligned with modern infrastructure needs. It is particularly well-suited for AI applications, where latency, concurrency, and rapid iteration matter more than ever. From streaming inference endpoints to vector database integrations, this stack offers the responsiveness and scalability essential for AI-powered systems.Announcing App Service Outbound IPv6 Support in Public Preview
Update 12/3/2025: This post has been updated with the public preview announcement for Linux sites, which were previously not included in this announcement. We are excited to announce the public preview of IPv6 outbound support in App Service for both Windows and Linux sites! Public preview of outbound IPv6 support for multi-tenant apps is supported on all App Service plan SKUs, Functions Consumption, Functions Elastic Premium, and Logic Apps Standard. This is the next announcement in our series of IPv6 related feature work on App Service. General availability of Inbound IPv6 Support on App Service multi-tenant This announcement: IPv6 (dual-stack) non-vnet outbound support (multi-tenant) Backlog - IPv6 vnet outbound support (multi-tenant and App Service Environment v3) Backlog - IPv6 vnet inbound support (App Service Environment v3 - both internal and external) Limitations in public preview While Linux sites require you to opt-in to enable outbound IPv6, Windows sites are enabled by default. Enablement for Linux is done via app settings. App settings are not enforceable by Azure Policy. How it works IPv6 outbound allows you to resolve endpoints to IPv6 addresses and call the IPv6 endpoint. There are no changes required in your code to start using IPv6 compatible endpoints. For Windows sites, this feature is enabled by default. But for Linux sites, opt-in via an app setting is required. See the Linux section later in this blog for details on how to enable it. The first iteration of the implementation does not support virtual network traffic. If your app is integrated with a virtual network and you have application traffic routing, aka "Route All" enabled, you will not be able to resolve or reach IPv6 endpoints. If you are using virtual network integration and disable application traffic routing, you can resolve and reach public IPv6 endpoints directly. Be cautious when changing the routing though as all your public traffic will not be routed through the virtual network at that point. Testing To test IPv6 connectivity, you can use the console. You'll also need an IPv6 capable endpoint. In this case, I took advantage of the general availability of inbound IPv6 on App Service and created a web app (named `ipv6`) with inbound IP mode set to "IPv6" and then called these commands ("-6" is optional, but can be used if the endpoint supports both IPv4 and IPv6): nslookup ipv6.azurewebsites.net curl -6 https://ipv6.azurewebsites.net Important considerations During public preview, Windows and Linux have different default behaviors when dealing with IPv6. Windows For Windows, outbound IPv6 is enabled by default. There are no controls to enable or disable outbound IPv6 for Windows during public preview. Windows will default to IPv4 if the DNS lookup returns both address types. So your app will continue to work without issues with this update. Linux Linux, however, when enabled, defaults to IPv6 if the DNS lookup returns both IPv4 and IPv6 address types. Therefore, sites that were previously working fine might experience issues when outbound IPv6 is enabled. If the DNS of your endpoint resolves to an IPv6 address that does not work, your app will also experience this behavior. Additionally, if you have a firewall or network device that blocks IPv6, or your app is not configured to use IPv6 endpoints, you will experience issues when you enable this feature. To prevent issues with this default behavior, we have made this feature an opt-in for Linux sites. To enable outbound IPv6 for Linux sites, add the app setting `WEBSITE_NETWORK_LINUX_OUTBOUND_DISABLE_IPV6` with a value of `false`. This app setting defaults to true if not provided, and therefore disables outbound IPv6 for the site. So if you want to completely disable IPv6 outbound on Linux, there's nothing needed. If you have apps on Linux where you have endpoints with bad IPv6 configurations, we have added the option to remove IPv6 DNS results for specific FQDNs. In addition to the app setting to enable IPv6, you can add an app setting called `WEBSITE_DNS_SUPPRESS_IPV6_RESULT_FQDNS`. For the value, you can add individual FQDNs comma separated or you can simply add `all` in the value to remove all IPv6 results. Updates coming with GA For GA, rather than relying on app settings, which are not enforceable or auditable by Azure Policy, we will create site properties to replicate the behavior of the Linux app settings to enable/disable the feature as well as suppress specific FQDNs. These site properties will only apply to Linux sites. If you are currently using the app settings, those will still work when we GA. But if you set the site properties, those will always take precedence. We want your feedback! As we continue to evolve App Service to support modern web standards, your feedback is invaluable. Try out IPv6 with your apps and let us know what you think!Azure App Service AI Scenarios: Complete Sample with AI Foundry Integration
This blog demonstrates how to implement AI scenarios on Azure App Service using Azure AI Foundry. It provides a complete sample for developers to integrate conversational AI, reasoning models, structured outputs, and multimodal processing (image and audio) into existing Flask applications. The guide includes quick-start deployment steps with Azure Developer CLI (azd), recommended models like GPT-4o-mini, and best practices for enterprise-grade AI integration. Ideal for developers seeking to modernize web apps with agentic capabilities, OpenAPI-based tools, and secure, scalable AI workflows.Faster Python on Azure Functions with uvloop
Python 3.13+ apps on Azure Functions are now faster by default. By replacing the standard event loop with uvloop, the Functions Python worker delivers higher throughput and lower latency for asynchronous workloads — no code changes required. Introduction Azure Functions powers millions of customer scenarios, from real-time APIs to event-driven automation. For Python developers, scalability often comes down to how efficiently the runtime handles I/O, concurrency, and asynchronous workloads. That’s why, starting with Python 3.13, the Azure Functions Python worker now uses uvloop as its default event loop. Built on top of libuv (the same library behind Node.js), uvloop provides a drop-in replacement for Python’s standard asyncio loop with measurable performance improvements. For customers, this means faster request handling and more responsive serverless applications — without having to update a single line of app code. Why Event Loops Matter The event loop is the backbone of any asynchronous Python application. It schedules coroutines, manages I/O events, and drives concurrency. In serverless workloads like Azure Functions, this loop runs continuously to: Handle incoming HTTP requests Dispatch and complete async tasks (like database queries or service calls) Manage parallel event processing (Event Hubs, Service Bus, etc.) The default Python event loop (UnixSelectorEventLoop) is reliable, but it wasn’t designed for high-throughput scenarios at massive scale. Uvloop, by contrast, is a high-performance reimplementation in Cython that consistently outperforms the built-in loop in both throughput and latency. How It Works in Azure Functions In Python 3.13+, the Azure Functions Python worker sets uvloop as the default event loop policy at startup: import uvloop, asyncio asyncio.set_event_loop_policy(uvloop.EventLoopPolicy()) This means any async workload — whether you’re using async def in your functions, calling external APIs, or parallelizing work with asyncio.gather — benefits immediately from uvloop’s faster scheduling and I/O handling. It is already available in the Functions runtime environment. No configuration changes, no requirements.txt edits, and no feature flags. If you’re running Functions on Python 3.13 or higher, uvloop is already in play. Measuring the Performance Gains We tested uvloop against the existing Unix event loop across several realistic workloads. For testing with Flex Consumption on Azure, the app with no uvloop is on Python 3.12, while the app with uvloop is on Python 3.13. The Flex Consumption app has an instance size of 2048 MB. Results were measured by taking the median of three runs for each test case. Test 1: 10k Requests, 50 Virtual Users Environment Event Loop Average HTTP Request Time (ms) Requests per second % Diff vs unix Local unix 96.95 515 - uvloop 87.99 565 +9.7% Azure unix 54.34 882 - uvloop 51.77 923 +4.8% Test 2: Sustained Load, 100 Virtual Users (5 min) Environment Event Loop Number of Requests Requests per second % Diff vs unix Local unix 157,580 525 - uvloop 167,928 560 +6.4% Azure unix 571,797 1,898 - uvloop 588,458 1,961 +2.9% Test 3: Heavy Concurrency, 500 Virtual Users + 5 async tasks per request Environment Event Loop Number of Requests Requests per second % Diff vs unix Local unix 216,212 720 - uvloop 231,878 772 +7% Azure unix 1,791,600 5,696 - uvloop 1,806,750 6,020 +1% The Unix Event Loop started showing failures in both environments in ~2% of requests. Across the board, uvloop delivered measurable improvements in throughput and latency — especially under high concurrency. Why Only Python 3.13+? While uvloop works with older versions of Python, we rolled it out as the default starting in 3.13 because: It ensured the change was strictly a net positive in performance and stability Easier rollout for all available Azure Functions SKUs, avoiding breaking existing customers Python 3.13 for the Azure Functions Worker introduces a Proxy Worker, so this is an additional performance boost to help with the extra overhead introduced Older runtimes remain on the standard event loop to minimize compatibility risks. Challenges and Lessons Learned Integrating uvloop into the Functions Python worker surfaced a few interesting challenges: Compatibility: Ensuring uvloop worked seamlessly across Linux environments at scale Observability: Updating logs to confirm which event loop policy was active Benchmark design: Testing realistic workloads (HTTP requests, async fan-out) to validate improvements beyond microbenchmarks Through this process, we confirmed uvloop consistently improved throughput and latency without regressions. Future Directions Switching to uvloop is just one step in making Azure Functions Python faster and more scalable. Looking ahead, we’re exploring: Deeper async optimizations: further tuning around asyncio and gRPC handling Serialization improvements: building on work like orjson for faster data processing Cold start performance: reducing startup overhead in Python workers Conclusion By adopting uvloop as the default event loop for Python 3.13+, Azure Functions makes async workloads faster, more reliable, and more scalable — all without requiring customers to change their code. If you’re upgrading to Python 3.13 for your Functions apps, uvloop is already running under the hood to give you better performance out of the box. Further Reading Azure Functions Azure Functions Python Developer Reference Guide Azure Functions Performance Optimizer Azure Functions Python Worker Azure Functions Python Library Azure Loading Testing Overview
