top of page

Utilizing App Service Environment v3 within Industries Focused on Compliance

The App Service Environment is an Azure App Service deployment designed for single-tenant use. By utilizing an Azure virtual network, you have exclusive access to this system. Applications that you deploy will be affected by the networking capabilities of the subnet. It's worth noting that no extra functionalities need to be activated for your applications to benefit from these networking features.

The Azure App Service offers the App Service Environment, which creates a completely segregated and exclusive environment for executing App Service apps in a highly secure and scalable manner. App Service Environments host the App Service plans, and scaling an app also scales the App Service plan and all the apps within that plan.

An App Service Environment can host below app services that are virtual network integrated:

  • Windows web apps

  • Linux web apps

  • Docker containers (Windows and Linux)

  • Functions

  • Logic apps (Standard)

Here are the differences between App Service Environment v3 and its predecessors:

  • The customer's virtual network has no networking dependencies. You can secure inbound and outbound traffic and manage outbound traffic routing as per your requirements.

  • You can create a zone-redundant App Service Environment v3 during creation in regions where all its dependencies are zone redundant. In such cases, each App Service Plan on the Environment must have a minimum of three instances to ensure they are distributed across zones. Refer to "Migrate App Service Environment to availability zone support under Microsoft documentation " for more information.

  • You can deploy an App Service Environment v3 on a dedicated host group, which isn't zone redundant.

  • Scaling is much quicker than with App Service Environment v2, although it's not immediate like the multi-tenant service.

  • Front-end scaling adjustments are no longer necessary, as they automatically scale based on your needs and are deployed on better hosts.

  • Scaling no longer blocks other scale operations within the App Service Environment v3. However, only one scale operation can be in effect for a specific OS and size combination at a time. For example, while your Windows small App Service plan is scaling, you can start a scale operation on a Windows medium or any other size except Windows small.

  • You can access apps in an internal-VIP App Service Environment v3 across global peering, which wasn't possible in earlier versions.

  • Certain features from earlier versions, such as performing a backup and restore operation on a storage account behind a firewall and accessing the FTPS endpoint using a custom domain suffix, are not available in App Service Environment v3.

Network diagram from ASE v2 to ASE v3

Subnet requirements:

The size of the subnet can affect the scaling limits of the App Service plan instances within the App Service Environment. Microsoft recommends using a /24 address space (256 addresses) for your subnet, to ensure enough addresses to support production scale.

DNS configuration:

  • Create an Azure DNS private zone named <App Service Environment-name>

  • Create an A record in that zone that points * to the inbound IP address.

  • Create an A record in that zone that points @ to the inbound IP address.

  • Create an A record in that zone that points *.scm to the inbound IP address.

More information can be found from the Microsoft website:

Recent Posts

See All


bottom of page