Tag Archives: AppService

Azure App Service scheduled restart

If you want to restart your App Service on a scheduled basis, you can do that using simple PowerShell:

Stop-AzureRmWebApp -Name '_App Service Name_' -ResourceGroupName '_Resource Group Name_'
Start-AzureRmWebApp -Name '_App Service Name_' -ResourceGroupName '_Resource Group Name_'

Basically you have to solve two issues:

  1. How to schedule such Powershell script to run automatically at given times? We can use a simple WebJob for that.
  2. How to authenticate the execution? We should use a Service Principal Id for that.

Let’s start from the second one.

Credits: This is an updated and fixed version of a procedure originally published by Karan Singh – a Microsoft Employee on his MSDN blog.

Getting a Service Principal Id for authentication

It is not a good idea to use a real user-account for authentication of such a job. If you have an Organizational Account with 2-Factor Authentication, forget it.

The right way of authenticating your jobs is to use a Service Principal Id which allows you to proceed with silent authentication.

To create one, save and run following Powershell script from your PC (one-off task):

    [Parameter(Mandatory=$true, HelpMessage="Enter Azure Subscription name. You need to be Subscription Admin to execute the script")]
    [string] $subscriptionName,

    [Parameter(Mandatory=$true, HelpMessage="Provide a password for SPN application that you would create")]
    [string] $password,

    [Parameter(Mandatory=$false, HelpMessage="Provide a SPN role assignment")]
    [string] $spnRole = "owner"

$ErrorActionPreference = "Stop"
$VerbosePreference = "SilentlyContinue"
$userName = $env:USERNAME
$newguid = [guid]::NewGuid()
$displayName = [String]::Format("VSO.{0}.{1}", $userName, $newguid)
$homePage = "http://" + $displayName
$identifierUri = $homePage

#Initialize subscription
$isAzureModulePresent = Get-Module -Name AzureRM* -ListAvailable
if ([String]::IsNullOrEmpty($isAzureModulePresent) -eq $true)
    Write-Output "Script requires AzureRM modules to be present. Obtain AzureRM from https://github.com/Azure/azure-powershell/releases. Please refer https://github.com/Microsoft/vsts-tasks/blob/master/Tasks/DeployAzureResourceGroup/README.md for recommended AzureRM versions." -Verbose

Import-Module -Name AzureRM.Profile
Write-Output "Provide your credentials to access Azure subscription $subscriptionName" -Verbose
Login-AzureRmAccount -SubscriptionName $subscriptionName
$azureSubscription = Get-AzureRmSubscription -SubscriptionName $subscriptionName
$connectionName = $azureSubscription.SubscriptionName
$tenantId = $azureSubscription.TenantId
$id = $azureSubscription.SubscriptionId

#Create a new AD Application
Write-Output "Creating a new Application in AAD (App URI - $identifierUri)" -Verbose
$secpasswd = ConvertTo-SecureString $password -AsPlainText -Force
$azureAdApplication = New-AzureRmADApplication -DisplayName $displayName -HomePage $homePage -IdentifierUris $identifierUri -Password $secpasswd -Verbose
$appId = $azureAdApplication.ApplicationId
Write-Output "Azure AAD Application creation completed successfully (Application Id: $appId)" -Verbose

#Create new SPN
Write-Output "Creating a new SPN" -Verbose
$spn = New-AzureRmADServicePrincipal -ApplicationId $appId
$spnName = $spn.ServicePrincipalName
Write-Output "SPN creation completed successfully (SPN Name: $spnName)" -Verbose

#Assign role to SPN
Write-Output "Waiting for SPN creation to reflect in Directory before Role assignment"
Start-Sleep 20
Write-Output "Assigning role ($spnRole) to SPN App ($appId)" -Verbose
New-AzureRmRoleAssignment -RoleDefinitionName $spnRole -ServicePrincipalName $appId
Write-Output "SPN role assignment completed successfully" -Verbose

#Print the values
Write-Output "`nCopy and Paste below values for Service Connection" -Verbose
Write-Output "***************************************************************************"
Write-Output "Connection Name: $connectionName(SPN)"
Write-Output "Subscription Id: $id"
Write-Output "Subscription Name: $connectionName"
Write-Output "Service Principal Id: $appId"
Write-Output "Service Principal key: <Password that you typed in>"
Write-Output "Tenant Id: $tenantId"
Write-Output "***************************************************************************"

You will be asked for a Subscription Name and Password for the Service Principal Id. You will also need to be an admin on your Azure Active Directory to be able to proceed.

Save the results securely, you can use the created Service Principal Id which gets the Owner role (or any other you specify) for many other administrative tasks (although it is a good idea to create a separate Service Principal for every single task).


Scheduling the restart using PowerShell WebJob

Use any WebJob deployment procedure of your taste to create a scheduled Powershell WebJob executing following script:

$ProgressPreference= "SilentlyContinue"
$password = '_Service Principal Key/Password_'
$secpasswd = ConvertTo-SecureString $password -AsPlainText -Force
$mycreds = New-Object System.Management.Automation.PSCredential ("_Service Principal Id_", $secpasswd)
Add-AzureRmAccount -ServicePrincipal -Tenant '_Tenant Id_' -Credential $mycreds
Select-AzureRmSubscription -SubscriptionId '_Subscription Id_'
Stop-AzureRmWebApp -Name '_App Service Name_' -ResourceGroupName '_Resource Group Name_'
Start-AzureRmWebApp -Name '_App Service Name_' -ResourceGroupName '_Resource Group Name_'

For manual deployment, you can use the Azure Portal directly:


  1. Save the script as run.ps1 file and create a ZIP archive with it (with any name).
  2. Go to App Service / Web Jobs and Add a new WebJob there:


And it’s done. Just be sure to enable Always On for your App Service to execute the WebJobs on schedule.

You can Start the job manually from here (the Start button) if  you want to test it and you can verify the execution results using KUDU Dashboard (the Logs button).


Cloud Application Development – 02 Azure App Services, WebJobs, SQL, SendGrid [MFF UK NSWI152, LS 2018]

Recording from the second lesson (27/Feb 2018) of Cloud Applications Development course (NSWI152) for MMF UK (LS 2017/2018). It is publish on our HAVIT YouTube Channel.

Topics covered:

  • Azure App Service
    • Creating simple Web Site
    • Deployment from Visual Studio
    • Deployment from GitHub
  • Web Jobs – Creating & Deployment
  • Azure SQL database – Creating & Accessing from Visual Studio 2017
  • Azure SendGrid mail service

You can find the labs instructions on GitHub (LAB1 + LAB2).

AppService: Setting a time-zone with a WEBSITE_TIME_ZONE App Setting (and many more)

By default, your AppServices run in UTC. There is an almost undocumented (or at least very little known) feature of KUDU which allows you forcing a specific time zone to your application. By adding specific Application Settings to your App Service (in Azure Portal) you can set following features:

  • WEBSITE_TIME_ZONE, e.g. Central Europe Standard Time (List of supported values)
  • SCM_TOUCH_WEBCONFIG_AFTER_DEPLOYMENT = 1/0 – does what it says (default is 1)
  • SCM_TRACE_LEVEL = 1..4 – you can get more detailed tracing by setting higher level (default is 1)
  • Build/GIT related options
  • Caching related options
  • Setting Node/NPN version
  • WEBSITE_LOAD_CERTIFICATES – Loading certificates
  • Low-level diagnostic switches
  • WEBSITE_DISABLE_SCM_SEPARATION – allows you to run your site and SCM (Kudu) in the same sandbox (and potentially save some resources) – unfortunately marked as legacy-obsolete and not supported any more
  • and many more

You can find complete list of features in Project KUDU Wiki.