Every Azure App Service web application includes a "hidden" service site called Kudu. Learn how to access Kudu and take advantage of the insights and extensions the service brings to your Azure-hosted applications.
Latest posts by Timothy Warner (see all)

Kudu (pronounced KOO-doo) is an open-source project that was originally designed to support Git source code control and WebJobs for Azure App Service web applications. Over the years, Kudu has expanded in its reach. In fact, you can even attach a Kudu instance to a non-Azure web app!

Accessing the Kudu service site

Frankly, I'm not sure why the Azure team doesn't make Kudu more obvious in the Azure Resource Management (ARM) portal. One method to access it is to go to Tools on your web app's main portal page, select Kudu from the menu, and then click Go. I show you this method in the following screenshot:

Accessing Kudu from the Azure Portal

Accessing Kudu from the Azure Portal

Another, more direct method is to modify your web app's URL. Specifically, you should insert the site control manager (scm) token into the URL, as shown below:


For mobile services, the URL format to access Kudu is the following:


If you've mapped your own public DNS name to your web app, then you'll still need to use the original *.azurewebsites.net DNS name to access Kudu.

Kudu console general navigation

The following composite screenshot shows my Azure web app's Kudu dashboard with the Debug console and Tools menus simultaneously exposed:

The Kudu site control manager

The Kudu site control manager

The Environment page gives Azure web site administrators several pieces of valuable information:

  • App settings
  • Connection strings
  • Environment variables
  • Runtime versions
  • Server variables
  • HTTP headers

This data is enormously helpful to have, especially when you recall that Azure web apps use a platform-as-a-service (PaaS) model in which we have limited direct control of the underlying Hyper-V virtual machine(s).

Of course, that data (especially raw connection strings) is sensitive, so it makes sense that you have to authenticate yourself as an Azure administrator before you can access the Kudu console.

Let's review some other useful Kudu-based web app administrative tasks.

Retrieve diagnostic dump data

Azure PaaS web apps run on Windows Server VMs and Internet Information Services (IIS). As you know, IIS offers verbose logging options. In Kudu, fetch the diagnostic logs by clicking Tools > Diagnostic Dump. This action yields a .zip file that contains the log data, current to their generation time.

If you'd prefer to see live log data, click Tools > Log stream. I show you the output from my Azure web app below:

Streaming log data for an Azure PaaS web application

Streaming log data for an Azure PaaS web application

View running processes

Click Process Explorer on the Kudu top navigation bar to see a stripped-down, web-based version of Windows Task Manager. This is a read-only view of your PaaS VM's running processes. It is mainly useful to see if any, and which, processes consume too many resources in your web app.

Launch a diagnostic console

It's admittedly pretty cool to obtain a web-based cmd.exe or PowerShell.exe console from within a web browser. Because we don't have full-stack access to the underlying VM the same way we do with the Azure infrastructure-as-a-service (IaaS) scenario, I enjoy being able to view and modify data with PowerShell.

As you can see in the below screenshot, I have over 3,000 cmdlets available to me. (It must be said that Azure restricts many of them through the Kudu endpoint.)

Running interactive PowerShell from Kudu

Running interactive PowerShell from Kudu

Site extensions

Many Azure administrators are familiar with virtual machine extensions. For instance, you can use the Azure Portal, Windows PowerShell, or Azure Command-Line Interface (CLI) to add functionality to your virtual machines, including but not limited to the following:

  • Desired State Configuration (DSC) configurations
  • Various agents (antimalware, configuration management, monitoring, etc.)
  • Backup automation

What I've found that not as many Azure administrators know is that you can do the same thing for your Azure App Service web applications. From Kudu, click Site Extensions, and you can browse its gallery, as shown here:

The Kudu Site Extensions gallery

The Kudu Site Extensions gallery

Notice the three buttons that accompany each extension:

  • Plus: Install the extension.
  • Info: Read metadata about the extension, including a link to the project's home page.
  • X: Uninstall the extension.

As an example, I find it annoying that Azure App Service refuses to enforce HTTPS connections to hosted web apps. You normally have to add a URL rewrite rule to your ASP.NET web app's web.config file. But what if you host a Python web app?

I found and installed the Redirect HTTP to HTTPS extension from the gallery. After restarting my site, I see that the extension appears on my Installed page in the Kudu Site Extensions gallery. More importantly, my web app now properly enforces secure connections!

REST API endpoints

Representational State Transfer (REST) is a popular framework for using web services nowadays. Its use facilitates data transfer in the lightweight, easy-to-read JavaScript Object Notation (JSON) format using stateless URLs.

The Kudu dashboard has a REST API section that lists various service data endpoints for your web app. For instance, if I submit the following URL, I'll get back a JSON-formatted results list of all my app settings:


Again, this is a neat programmatic method for retrieving your web app's data and metadata.

Here’s a tip. If you use the Google Chrome browser, install the JSONView extension to see the JSON data in a much more meaningful format. For instance, in the below screenshot, the raw JSON output appears above, and the extension-formatted output below.

Subscribe to 4sysops newsletter!

Raw JSON above, formatted JSON below

Raw JSON above, formatted JSON below


Leave a reply

Your email address will not be published.


© 4sysops 2006 - 2023


Please ask IT administration questions in the forums. Any other messages are welcome.


Log in with your credentials


Forgot your details?

Create Account