All Azure App Service websites exist on the domain by default. Learn how to map your web app to a custom DNS domain.

When you create a new Azure App Service web application, you're required to choose a service name that's unique within Microsoft's Domain Name System (DNS) domain. For instance, if I create a web app named 4sysopsdev, I can access the site by using either of the following public uniform resource locators (URLs):

NOTE: Although this article focuses on web apps, you can use custom DNS domain names with the other Azure App Service app types, including mobile, API, and logic.

A nice benefit to using the Azure App Service is that your web apps can use HTTPS via Microsoft's wildcard SSL/TLS certificate.

Of course, the previous points are largely academic, because any business worth its salt should use its own public DNS domain for its Azure websites. I submit that this is true even for internally facing web apps.

Binding a public DNS domain to your Azure App Service web app involves three steps:

  1. Purchase a domain
  2. Create mapping DNS records with your registrar
  3. Associate the domain with your web app in the Azure Portal

Step 1—purchase a domain ^

In the Azure Resource Manager (ARM) portal at, navigate to your target App Services web app and open the Custom domains and SSL setting, as shown below:

The Custom domains and SSL blade

The Custom domains and SSL blade

Let me describe each section of that blade, as it is our central focus here:

  • Buy Domains: You can purchase a domain directly from the Azure portal; GoDaddy is the actual registrar in this case.
  • Bring External Domains: This button starts the process of mapping your domain name to the current Azure web app.
  • Managed Domains: This is where the DNS domains you've associated with Azure are listed.
  • Hostnames Assigned to Site: You always have the mapping and can't delete it; your custom mapping will appear in this list as well.
  • Certificates: Any uploaded SSL/TLS digital certificates reside here.
  • SSL bindings: The association between your custom domain name and your SSL certificate is here, if you have both associated with this web app.

Please note that you're not required to purchase your domain through the Azure Portal. As long as you can manage your domain's DNS records, you're all set.

Step 2—create mapping records ^

From the Custom domains and SSL blade, click Bring External Domain. You'll see a user interface very similar to the following:

The Bring External Domain blade

The Bring External Domain blade

You'll want to make note of the (a) fully qualified domain name (FQDN) as well as your web app's assigned public IPv4 address.

Next, head over to your DNS domain registrar and access its tool for managing your domain's DNS records. The goal is to create two new resource records:

  • Verification record: This IPv4 host (A) record maps the awverify hostname to your FQDN. Azure uses the awverify name to verify that you actually own your custom domain.
  • Mapping record: You can either create an A record pointing to your web app's public IP address or a canonical name (CNAME) alias record mapping to your FQDN.

With regard to the verification record and my own example domain, we'd create a CNAME record named to map the root of the domain.

If we wanted to map a subdomain such as, the CNAME record would be

The verification records are used only for that purpose and should not be used by anybody else. In fact, after verification succeeds, you can delete them.

For the mapping record, you have two choices:

  • A record: This method is required to map the root (@) of your own domain to Azure. The problem is that you'll have to update the A record if your Azure web app's public IPv4 address changes.
  • CNAME record: This method is convenient, because you don't have to change the record's target address if your web app shifts to a new public IPv4 address.

In the following screenshot, I show you mapping the root of my DNS domain to my Azure web app's public IPv4 address. In case you're curious, I use and its domain manager here:

Creating a DNS mapping record

Creating a DNS mapping record

Step 3–Associate the custom domain with your Azure web app ^

Use a free service site such as to test whether calls to your Azure web app resolve to Azure or your DNS registrar. In my experience, the verification and DNS name propagation normally take less than 10 minutes.

Back in the Azure Portal, the Bring External Domain blade will show a green check mark once the domain finishes mapping successfully.

As you can see in the next screenshot, you can unassign a domain name from your web app by clicking the domain in the Hostnames assigned to site section of the Custom domains and SSL blade and selecting Unassign from the fly-out menu.

Unassigning a custom domain

Unassigning a custom domain

Next steps ^

As you'd expect, the Azure development team offers several other capabilities for our Azure web apps. For instance, we can enable HTTPS on our apps by using an SSL/TLS certificate.

Subscribe to 4sysops newsletter!

The service is still in preview as of this writing, but Azure actually allows you to deploy and manage your own public DNS zones by using the Azure Portal, Windows PowerShell, or the Azure Command-Line Interface (CLI).


Leave a reply

Please enclose code in pre tags

Your email address will not be published. Required fields are marked *


© 4sysops 2006 - 2021


Please ask IT administration questions in the forums. Any other messages are welcome.


Log in with your credentials


Forgot your details?

Create Account