Upgrade to Microsoft Edge to take advantage of the latest features, security updates, and technical support.

Download Microsoft Edge More information Get to know Azure

Discover secure, future-ready cloud solutions—on-premises, hybrid, multicloud or at the edge

Global infrastructure

Learn about sustainable, trusted cloud infrastructure with more regions than any other provider

Cloud economics

Build your business case for the cloud with key financial and technical guidance from Azure

Customer enablement

Plan a clear path forward for your cloud journey with proven tools, guidance and resources

Customer stories

See examples of innovation from successful companies of all sizes and from all industries

Microsoft Azure Data Manager for Agriculture

Azure Data Manager for Agriculture extends the Microsoft Intelligent Data Platform with industry-specific data connectors and capabilities to bring together farm data from disparate sources, enabling organizations to leverage high quality datasets and accelerate the development of digital agriculture solutions

Application development

Build, manage and continuously deliver cloud apps—with any platform or language

Analyse images, comprehend speech and make predictions using data

Cloud migration and modernisation

Simplify and accelerate your migration and modernisation with guidance, tools and resources

Data and analytics

Gather, store, process, analyse and visualise data of any variety, volume or velocity

Hybrid cloud and infrastructure

Bring the agility and innovation of the cloud to your on-premises workloads

Internet of Things

Connect, monitor, and control devices with secure, scalable, and open edge-to-cloud solutions

Security and governance

Help protect data, apps and infrastructure with trusted security services

Financial services

Transform customer experience, build trust and optimise risk management

Gaming

Build, quickly launch and reliably scale your games across platforms

Government

Implement remote government access, empower collaboration and deliver secure services

Healthcare

Boost patient engagement, empower provider collaboration and improve operations

Manufacturing

Improve operational efficiencies, reduce costs and generate new revenue opportunities

Media and entertainment

Create content nimbly, collaborate remotely and deliver seamless customer experiences

Retail

Personalise customer experiences, empower your employees and optimise supply chains

Reference architectures

Find reference architectures, example scenarios and solutions for common workloads on Azure

Resources for accelerating growth

Do more with less—explore resources for increasing efficiency, reducing costs, and driving innovation

Azure Marketplace

Search from a rich catalogue of more than 17,000 certified apps and services

Customer enablement

Plan a clear path forward for your cloud journey with proven tools, guidance and resources

Azure Partner Zone

Find the latest content, news and guidance to lead customers to the cloud

Azure technology partners

Build, extend and scale your apps on a trusted cloud platform

Publish your app

Reach more customers—sell directly to over 4M users a month in the commercial marketplace

As part of the January 2020 update to Azure App Service, .NET Framework patches that update how .NET framework apps handle the SameSite cookie property are being installed. The service is also deploying an App Service compatibility behavior that applies to all applications running on App Service for scenarios where a cookie has set the SameSite property to "None".

.NET Core versions on the App Service platform already contain updates for SameSite cookie handling and are not changing as part of the January 2020 service update.

The Azure App Service payload is deploying throughout January 2020, with an estimated completion date of the end of January 2020 across the public Azure cloud, all App Service environments and national clouds. See the latest information about the deployment.

Since the updates are deployed incrementally across the service, applications will start running on the newer App Service payload at different times during the deployment period.  Developers can determine if applications are running on the updated App Service payload by checking the version of App Service in the SCM site. The SCM site is available in the portal from the Development Tools --> Advanced Tools option.  Alternatively, developers can navigate directly to the SCM site for an application using the following URL format:  https:// your-sitename-here .scm.azurewebsites.net.

For Windows App Service sites, the home page of the SCM site shows the Azure App Service version.  If the version is 86.0.7.148 (or later) , then the associated application is running on the newly patched version of App Service.

For Linux App Service sites, clicking the Environment option in top menu of the SCM site will return a page with all of the sites’ environment variables. The resulting page will have a URL formatted like this:  https:// your-sitename-here .scm.azurewebsites.net/Env.  The PLATFORM_VERSION environment variable shows the current App Service version.  If the version is 86.0.7.148 (or later) , then the associated application is running on the newly patched version of App Service.

Details on the .NET Framework Patch for SameSite

Specific details on differences in SameSite cookie handling included in the .NET Framework 4.7.2 patch are described in this article .

With the .NET Framework patch installed, the .NET Framework changes the defaults for the cookieSameSite configuration property for Session State and Forms Authentication to "Lax".   The .NET Framework also automatically sends the SameSite=None cookie property on the wire when HttpCookie.SameSite has been set to a value of "None".

Additional information about SameSite cookie handling with the .NET Framework is available in this article as well as in our documentation .

Read more about the forms authentication cookieSameSite default in this article .

Read more about the session state cookieSameSite default in this article .

Additional information about SameSite cookie handling with .NET Core is available in this article .

Details on Azure App Service compatibility behavior

In addition to the .NET Framework patch, Azure App Service has introduced a compatibility behavior for the scenario where an HTTP/HTTPS response includes a cookie header with a SameSite property set to a value of "None" and the requesting user agent matches a specific subset of older browsers that do not support the newer 2019 SameSite standard and so do not recognise the SameSite property of "None".  When an older browser is detected, Azure App Service will automatically remove the SameSite=None cookie property if it is detected in the response headers.

The net effect of the App Service compatibility behavior is that a specific subset of older browsers will not receive an unrecognised SameSite value (which can cause older browsers to revert to SameSite=Strict behavior), while newer browsers like Chrome v80 will receive the SameSite=None cookie property.

The specific detection logic used by App Service for deciding when to remove the SameSite=None property from a response follows the pseudo-logic documented in this article .

Developers should review their applications’ usage and reliance (if any) on the SameSite cookie property and update application logic with user agent detection and special handling as appropriate for each application’s scenario. The App Service platform’s compatibility behavior is intended only as a partial mitigation to aid developers while applications are updated to handle the 2019 SameSite behavior implemented in newer browser versions.

Developers should also review additional browser requirements when cookies include the SameSite=None property. For example, Chrome v80 will only honor SameSite=None if the cookie is also marked with the Secure attribute and the cookie is flowing over an HTTPS connection. See more details .

The Azure App Service compatibility behavior is implemented on the App Service network edge infrastructure. The behavior is active for all sites running on App Service, regardless of the language or framework used by the site. The compatibility functionality works for sites running on both the Linux and Windows variations of App Service, for App Service Environments and for all national cloud deployments of Azure App Service.