Azure · lachaves · Aug 4, 2023 · Jul 31, 2023 · Jul 31, 2023 · Aug 4, 2023
diff --git a/docs/content/services/web/app service/_index.md b/docs/content/services/web/app service/_index.md
@@ -12,10 +12,14 @@ The presented resiliency recommendations in this guidance include App Service an
 ## Summary of Recommendations
 
 {{< table style="table-striped" >}}
-| Recommendation                                    |  Impact  |  State   | ARG Query Available |
+| Recommendation | Impact | State | ARG Query Available |
 | :------------------------------------------------ | :------: | :------: | :-----------------: |
-| [App-1 - Enable diagnostics logging](#app-1---enable-diagnostics-logging) | High | Preview  |         No         |
-| [App-2 - Work in progress](#app-2---work-in-progress) | High | Preview |         Yes          |
+| [App-1 - Enable diagnostics logging](#app-1---enable-diagnostics-logging) | High | Preview | No |
+| [App-2 - Monitor performance](#app-2---monitor-performance) | Medium | Preview | No |
+| [App-3 - Separate web apps from web APIs](#app-3---separate-web-apps-from-web-apis) | Low | Preview | Yes |
+| [App-4 - Create a separate storage account for logs](#app-4---create-a-separate-storage-account-for-logs) | Medium | Preview | No |
+| [App-5 - Deploy to a staging slot.](#app-5---deploy-to-a-staging-slot) | Medium | Preview | Yes |
+| [App-6 - Store configuration as app settings](#app-6---store-configuration-as-app-settings) | Medium | Preview | No |
 
 {{< /table >}}
 
@@ -35,23 +39,40 @@ Definitions of states can be found [here]({{< ref "../../../_index.md#definition
 
 Enabling diagnostics logging for your Azure App Service is important for monitoring and diagnostics purposes. It includes application logging and web server logging.
 
-
 **Resources**
 
 - [Enable diagnostics logging for apps in Azure App Service](https://learn.microsoft.com/en-us/azure/app-service/troubleshoot-diagnostic-logs)
 
 <br><br>
 
-### App-2 - Work in progress
-**Impact: High**
+### App-2 - Monitor Performance
+
+**Impact: Medium**
+
+**Recommendation/Guidance**
+
+Use a performance monitoring service such [Application Insights](https://learn.microsoft.com/en-us/azure/application-insights/app-insights-overview) to monitor application performance and behavior under load. Performance monitoring gives you real-time insight into the application. It enables you to diagnose issues and perform root-cause analysis of failures.
+
+Enable monitoring on your web applications based on ASP.NET, ASP.NET Core, Java, and Node.js running on Azure App Service. Previously, you needed to manually instrument your app, but the latest extension/agent is now built into the App Service image by default.
+
+**Resources**
+
+- [Application Insights](https://learn.microsoft.com/en-us/azure/application-insights/app-insights-overview)
+- [Application monitoring for Azure App Service](https://learn.microsoft.com/en-us/azure/azure-monitor/app/azure-web-apps)
+
+<br><br>
+
+### App-3 - Separate web apps from web APIs
+
+**Impact: Low**
 
 **Recommendation/Guidance**
 
-comming soon 
+If your solution has both a web front end and a web API, consider decomposing them into separate App Service apps. This design makes it easier to decompose the solution by workload. You can run the web app and the API in separate App Service plans, so they can be scaled independently. If you don't need that level of scalability at first, you can deploy the apps into the same plan, and move them into separate plans later, if needed.
 
 **Resources**
 
-- [TBC](#app-2---work-in-progress)
+- [Resiliency checklist for specific Azure services](https://learn.microsoft.com/en-us/azure/architecture/checklist/resiliency-per-service#app-service)
 
 **Resource Graph Query/Scripts**
 
@@ -62,3 +83,54 @@ comming soon
 {{< /collapse >}}
 
 <br><br>
+
+### App-4 - Create a separate storage account for logs
+
+**Impact: Medium**
+
+**Recommendation/Guidance**
+
+Create a separate storage account for logs. Don't use the same storage account for logs and application data. This helps to prevent logging from reducing application performance.
+
+**Resources**
+
+- [Resiliency checklist](https://learn.microsoft.com/en-us/azure/architecture/checklist/resiliency-per-service#app-service)
+
+<br><br>
+
+### App-5 - Deploy to a staging slot
+
+**Impact: Medium**
+
+**Recommendation/Guidance**
+
+Create a deployment slot for staging. Deploy application updates to the staging slot, and verify the deployment before swapping it into production. This reduces the chance of a bad update in production. It also ensures that all instances are warmed up before being swapped into production. Many applications have a significant warmup and cold-start time. For more information
+
+Consider creating a deployment slot to hold the last-known-good (LKG) deployment. When you deploy an update to production, move the previous production deployment into the LKG slot. This makes it easier to roll back a bad deployment. If you discover a problem later, you can quickly revert to the LKG version.
+**Resources**
+
+- [Set up staging environments in Azure App Service](https://learn.microsoft.com/en-us/azure/app-service-web/web-sites-staged-publishing)
+
+**Resource Graph Query/Scripts**
+
+{{< collapse title="Show/Hide Query/Script" >}}
+
+{{< code lang="sql" file="code/app-2/app-5.kql" >}} {{< /code >}}
+
+{{< /collapse >}}
+
+<br><br>
+
+### App-6 - Store configuration as app settings
+
+**Impact: Medium**
+
+**Recommendation/Guidance**
+
+Use app settings to hold configuration settings as app settings. Define the settings in your Resource Manager templates, or using PowerShell, so that you can apply them as part of an automated deployment / update process, which is more reliable.
+
+**Resources**
+
+- [Configure web apps in Azure App Service](https://learn.microsoft.com/en-us/azure/app-service-web/web-sites-configure)
+
+<br><br>
diff --git a/docs/content/services/web/app service/code/app-2/app-2.kql b/docs/content/services/web/app service/code/app-2/app-2.kql
@@ -1,4 +1,8 @@
 // Azure Resource Graph Query
-// TODO: Work in progress
+// This query is checking if multiple applications are hosted on a app service plan
 resources
-| where type =~ 'microsoft.web/serverfarms'
+| where type == "microsoft.web/sites"
+| extend AppServicePlanId = tostring(properties.serverFarmId)
+| project kind, AppServicePlanId
+| summarize WebCount = countif(kind == 'app'),  APICount = countif(kind == 'api'), AppsCount = count() by AppServicePlanId , AppServicePlanName = tostring(split(AppServicePlanId, "/")[-1])
+| where WebCount +APICount > 0 and AppsCount > 1
diff --git a/docs/content/services/web/app service/code/app-2/app-5.kql b/docs/content/services/web/app service/code/app-2/app-5.kql
@@ -0,0 +1,7 @@
+// Azure Resource Graph Query
+//This will display the name of the deployment slot
+//for the application if no slot is defined the results will be empty
+
+resources
+| where type == "microsoft.web/sites"
+| project  AppName = name, slot = tostring(properties.slotName)