Share via

What happens to the Platform when an AppService is redeployed.

RJ 0 Reputation points
2025-12-11T11:48:46.1966667+00:00

Sorry if my question is too basic, and if some of my concepts are incorrect. Do correct me in case I am wrong.

So, my question is to understand what happens to the VM hosting my App when I am using Azure AppService and redeploy my app.

For example, if my application has a vulnerability in the coding which allows someone Remote code execution, this gives them the capability the run any command on the VM on which my Application is hosted. So if I am using Azure AppService, my application is hosted on a VM hosted and managed by Azure.

Now if I update my app and redeploy, what happens to the instance on which my App was hosted? Does it get's reinstalled from the scratch? my app get's shifted to some other instance? or is the same instance still being used without any changes?

Because if some did exploit my application and executed a malicious code, the VM hosting my application is at risk of being infected. So even if my code is now secure and not vulnerable, there is a chance that the VM hosting it is, and the application and storage blob is at risk.

Azure App Service
Azure App Service
Azure App Service is a service used to create and deploy scalable, mission-critical web apps.
0 comments

2 answers

Sort by: Most helpful
Most helpful Newest Oldest
  1. Q&A Assist
    2025-12-11T11:49:02.1366667+00:00
    AI generated content. This question contains an answer created with AI from Q&A Assist. Learn more

    When you redeploy your application in Azure App Service, the platform manages the underlying infrastructure, including the virtual machines (VMs) that host your application. Here’s what happens during a redeployment:

    1. Application Update: The new version of your application is deployed to the App Service. This process typically involves replacing the existing application code with the new code you have provided.
    2. Instance Management: Azure App Service runs your application in a multitenant environment. When you redeploy, Azure may use the same instance to host your application, but it can also shift your application to a different instance depending on the deployment strategy and the current load on the infrastructure.
    3. Isolation: Each application is segregated from others, meaning that even if your application had a vulnerability, it would not directly affect other applications running on the same VM. Azure App Service employs security measures to ensure that applications cannot access each other's data.
    4. Patching and Updates: Azure continuously updates the VMs and runtime software to address newly discovered vulnerabilities. This means that even if your application was vulnerable before the redeployment, the underlying platform is regularly patched to mitigate risks.
    5. Security Measures: If a vulnerability was exploited before the redeployment, the platform's security measures, including continuous threat management, help protect against further risks. However, if malicious code was executed, it is essential to ensure that the code is thoroughly reviewed and cleaned before redeploying to mitigate any potential risks.

    In summary, redeploying your application does not necessarily reinstall the VM from scratch, but it does update the application code and may involve moving it to a different instance. Azure App Service manages the security and isolation of applications to minimize risks from vulnerabilities.

    0 comments
  2. Golla Venkata Pavani 265 Reputation points Microsoft External Staff Moderator
    2025-12-11T13:19:01.65+00:00

    Hii RJ!

    It looks like you have few question about what happens to your App Service during a redeployment. Here's a breakdown that should help clarify things for you:

    When you redeploy your app in Azure App Service:

    1. Instance Restart: The instance hosting your app may be restarted. However, what often happens is that App Service uses a mechanism that allows for zero downtime. It means that while one instance is being updated or restarted, another instance is still handling traffic.
    2. Potential Instance Shift: If the update fails to start successfully (e.g., due to past malicious code), the existing instance will not necessarily get reinitialized from scratch immediately. Instead, the app may be moved to a different instance during the redeployment if needed. This offers an additional layer of security because it reduces the risk of a compromised VM lingering around.
    3. Security Enhancements: If you've resolved any vulnerabilities and have redeployed, your application’s instance should start using the updated code. However, it’s essential to note that if the malicious code had infected the underlying infrastructure (which is uncommon with Azure handling it), additional measures might be required.
    4. Monitoring and Diagnostic Tools: You might want to make use of the "Diagnose and solve problems" blade and the "Web App Restarted" detector within the Azure portal. These can provide insights into any recent restarts and what caused them, which is crucial for understanding how redeployments affect your app.
    5. Health Checks and Maintenance: Consider implementing health checks to ensure that your application isn’t sent requests until it's fully ready post-redeployment.

    Reference:
    https://dori-uw-1.kuma-moon.com/en-us/azure/app-service/routine-maintenance
    https://dori-uw-1.kuma-moon.com/en-us/azure/app-service/routine-maintenance-downtime
    Kindly let us know if the above comment helps or you need further assistance on this issue.

    Please "Accept" if the information helped you. This will help us and others in the community as well.

    0 comments

Your answer

Answers can be marked as 'Accepted' by the question author and 'Recommended' by moderators, which helps users know the answer solved the author's problem.