Custom domains and SSL settings allow us to customize the URL for our application and apply certificates to encrypt connections and increase security. These are directly connected as you can't apply a valid SSL certificate without a custom domain for your Web App.
An Azure Web App, by default, has the URL customname.azurewebsites.net (where in customname is the name you provided while creating the Web App). In order to simplify access, you can use a custom URL that you already own or you can buy a new domain. There is even the option to buy a new domain through the Azure portal, but the offer is not provided by Microsoft, but by partners. If you buy a new domain through the Azure portal, this will be added to your Azure bill.
In order to set up a custom domain, domain ownership needs to be verified. This is done by adding ether CNAME (customname.azurewebsites.net) or a record (Azure Web App IP address) on your DNS which will point your custom domain to the Azure Web App. Once verification is done, you just need to confirm that you want to use that domain for your Azure Web App. Also, you can set up your website to use HTTPS only to increase security, especially if you are using SSL. Information on CNAME and the IP addresses that need to be added to verify ownership, and later to be used to point to your website, can be found on this page:
SSL Configuration allows us to set HTTPS Only again. I strongly advise you to use this whenever possible. Another security option is Minimum TLS Version, wherein you can choose between 1.0, 1.1 and 1.2. It is recommended to use TLS 1.2 as it may be reported insecure otherwise. The Bindings option allows you to pair up a custom domain and available certificates. As you can have more custom domains point to a single website, all available domains with SSL will be shown in the list, as shown here:
The Certificates section under SSL settings allows you to manage certificates for your website. You can either Import App Service Certificate or Upload Certificate. An App Service certificate is an option that allows you to buy a certificate through the Azure portal and use that certificate for your applications. This certificate will be available to all apps in the tenant. The Upload Certificate option allows you to upload an existing certificate that you already have or have bought from an external source. Certificates will show under the public or private list, depending on the type of certificate you uploaded or imported. You can also request Client Certificates if needed. All certificate options are shown in the following screenshot:
Automatic scaling for Azure Web Apps is done similarly to a virtual machine scale set (VMSS). Under the Scale out section, you can find a blade that is identical to the scale out blade in VMSS. In order to configure scale out rules, you need to set up scale out and scale in parameters. For example, you can set up a web app to add an additional instance whenever the CPU goes over 70%, and then decrease the number of instances if the CPU goes under 25%. You can set up the minimum, maximum, and default number of instances. Additional scale out and scale in rules can be added that will perform a scale in/out depending on different metrics. This will allow you to save money and run the minimum number of instances needed without suffering performance issues. An example of scale conditions is shown in the following screenshot:
