az functionapp deployment slot list --name <function-app> --resource-group <resource-group>Function deployment slot
Function deployment slot is a separate deployment environment inside a Function App that can host a release before it becomes the production slot. Teams use it to test code, app settings, warmup behavior, and integrations under the same app boundary before swapping traffic to the new version. In daily Azure work, it appears when engineers deploy a queue processor safely, warm an HTTP API, test slot settings, or roll back a bad serverless release without rebuilding the app.
Source: Microsoft Learn - Azure Functions deployment slots Reviewed 2026-05-14
- Exam trap
- Treating Function deployment slot as a simple label instead of checking live scope, owner, dependencies, and current configuration.
- Production check
- Verify the intended scope, owner tags, enabled state, identity, diagnostics, and linked resources before changing Function deployment slot.
Article details and learning context
- Aliases
- Azure Functions deployment slot, function app slot, staging slot for Functions
- Difficulty
- intermediate
- CLI mappings
- 6
- Last verified
- 2026-05-14
Understand the concept
Why it matters
Function deployment slot matters because it turns design intent into production behavior. When teams misunderstand it, they may deploy to the wrong place, expose credentials, overpay for capacity, break scaling, create inconsistent VM builds, or hide storage risk behind a vague name. For this term, that means a slot lets teams prove a function release can start, authenticate, connect, and process work before it changes the production endpoint. It affects security, reliability, operations, cost, and performance because one setting can change how code, images, data, identities, or user traffic behave. Review owner, scope, evidence, dependencies, and rollback before production change.
Official wording and source
An Azure Functions deployment target that runs a separate app instance, such as staging, which can be validated and swapped with production.
Technical context
Technically, Function deployment slot is configured or observed through Function App deployment slots, slot-specific app settings, production and staging slot endpoints, swap operations, hosting plan limits, deployment pipelines, identities, and diagnostic logs. Important settings include slot name, target slot, sticky settings, app settings, connection strings, managed identity assignments, deployment package, host state, warmup path, and swap preview behavior. Operators inspect it with az functionapp deployment slot output, app settings, deployment history, Application Insights traces, Activity Log entries, slot URLs, health probes, and release pipeline records.
Exam context
Compare with
Where it is used
Where you see it
- A Function App deployment slot list shows production, staging, or other slots with separate hostnames, app settings, deployment history, and current runtime state. Review owner, scope, evidence, dependencies, and rollback before production change.
- Release pipelines deploy to a slot first, run synthetic tests, verify function health, and then perform a controlled swap into production. Review owner, scope, evidence, dependencies, and rollback before production change.
- Activity Log and deployment records show slot create, update, and swap operations that explain why production behavior changed after a release. Review owner, scope, evidence, dependencies, and rollback before production change.
Common situations
- Design and document Function deployment slot before a production release changes traffic, identity, data access, deployment, image, or runtime behavior.
- Use Function deployment slot during incident triage to narrow the affected scope and gather evidence before changing live settings.
- Review Function deployment slot during architecture, security, cost, performance, and reliability planning for the workload.
Illustrative Azure scenarios
These examples show how the concept can affect design and operations. They are illustrative scenarios, not customer claims.
Scenario 01 Function deployment slot in action for payment webhook releases Scenario, objectives, solution, measured impact, and takeaway.
Northbridge Retail, an online merchant, needed to update payment webhook functions without interrupting checkout traffic during a holiday sale.
- Release new webhook code without downtime
- Validate payment provider callbacks before production
- Keep rollback under ten minutes
- Preserve audit evidence for each swap
The team used Function deployment slot to deploy the new package into staging while production continued handling callbacks. Slot-specific app settings kept test provider credentials isolated, and managed identity access was verified before swap. Synthetic payment events, Application Insights traces, and host startup logs confirmed the staging slot could process callbacks. After approval, operators swapped staging to production and kept the previous production slot available for rollback. Architects documented ownership, rollback steps, monitoring signals, and approval evidence so support staff could operate the design without guessing during incidents. The rollout included a lower-environment test, a named business owner, and a short runbook explaining what to verify before and after release. Security, reliability, cost, and performance evidence were captured together so reviewers could see the operational tradeoffs rather than only the deployment result.
- Checkout webhook errors stayed below 0.2 percent
- Rollback time tested at six minutes
- No live payment secrets were exposed in staging
- Release evidence satisfied audit review
Function deployment slots make serverless releases safer when staging configuration, warmup tests, and rollback evidence are treated as part of the design.
Scenario 02 Function deployment slot in action for hospital integration upgrade Scenario, objectives, solution, measured impact, and takeaway.
Contoso Health Network ran appointment synchronization functions that could not fail during clinic scheduling hours.
- Test new scheduling logic before production
- Avoid duplicate appointment messages
- Verify private database connectivity
- Shorten release windows
The platform team created a Function deployment slot attached to the same Premium plan. Engineers marked database and queue settings as slot-specific, deployed the new build, replayed sample messages from a nonproduction queue, and compared dependency traces. The swap was scheduled after clinic close, with a rollback command preapproved and dashboards focused on trigger lag, execution failures, and database calls. Architects documented ownership, rollback steps, monitoring signals, and approval evidence so support staff could operate the design without guessing during incidents. The rollout included a lower-environment test, a named business owner, and a short runbook explaining what to verify before and after release. Security, reliability, cost, and performance evidence were captured together so reviewers could see the operational tradeoffs rather than only the deployment result. The team also kept a clear rollback path, including the previous configuration, expected recovery time, and the logs needed to confirm restoration.
- Release window dropped from 90 minutes to 22 minutes
- No duplicate appointment messages occurred
- Database connectivity was proven before swap
- Support staff had one rollback command documented
A Function deployment slot is valuable when production safety depends on proving configuration and dependencies before changing the live endpoint.
Scenario 03 Function deployment slot in action for municipal permit API Scenario, objectives, solution, measured impact, and takeaway.
MetroWorks City Services wanted to modernize a permit-status API while residents continued submitting applications online.
- Deploy new HTTP functions safely
- Warm the API before traffic shift
- Track user-impact metrics after swap
- Retain the previous version briefly
Engineers used Function deployment slot for a staging version of the API. The team deployed through the release pipeline, warmed the staging endpoint with scripted requests, verified function keys, and compared response headers with production. After the slot swap, Application Insights monitored latency, failures, and external calls to the permit database. The old production slot stayed intact until the next morning so rollback remained simple. Architects documented ownership, rollback steps, monitoring signals, and approval evidence so support staff could operate the design without guessing during incidents. The rollout included a lower-environment test, a named business owner, and a short runbook explaining what to verify before and after release. Security, reliability, cost, and performance evidence were captured together so reviewers could see the operational tradeoffs rather than only the deployment result.
- First-request latency after swap stayed under 800 milliseconds
- Resident API errors fell by 18 percent
- Rollback readiness was preserved overnight
- Release notes mapped each setting to an owner
Deployment slots help teams make Azure Functions releases observable and reversible instead of treating deployment as a one-way file push.
Azure CLI
CLI checks make Function deployment slot review repeatable because they capture scoped evidence for configuration, ownership, dependencies, health, and change impact before operators modify production.
Useful for
- List or show the Azure resources related to Function deployment slot before selecting a target for deeper review.
- Capture read-only evidence for Function deployment slot during release approval, incident response, access review, or cost investigation.
- Compare configuration, metrics, logs, and dependent resources for Function deployment slot across environments before approving a mutating command.
Before you run a command
- Confirm tenant, subscription, resource group, application, plan, gallery, account, image, or deployment scope before trusting command output.
- Run list and show commands first, then save evidence before create, update, rotate, swap, restart, delete, generalize, or publish changes.
- Check whether the command affects customer traffic, credentials, images, data access, scaling, storage cost, or compliance evidence.
What the output tells you
- Names, resource IDs, locations, SKUs, enabled states, and parent relationships show whether you are inspecting the intended target.
- Settings, identities, versions, slots, keys, plans, images, endpoints, or account properties explain how workloads behave today.
- Timestamps, metrics, usage, health state, and logs help separate Azure configuration issues from application or downstream failures.
Mapped commands
Function deployment slot operational checks
directaz functionapp deployment slot show --name <function-app> --slot <slot-name> --resource-group <resource-group>az functionapp deployment slot create --name <function-app> --slot <slot-name> --resource-group <resource-group>az functionapp deployment slot swap --name <function-app> --slot <slot-name> --target-slot production --resource-group <resource-group>az functionapp show --name <function-app> --resource-group <resource-group>az functionapp config appsettings list --name <function-app> --resource-group <resource-group>Architecture context
Technically, Function deployment slot is configured or observed through Function App deployment slots, slot-specific app settings, production and staging slot endpoints, swap operations, hosting plan limits, deployment pipelines, identities, and diagnostic logs. Important settings include slot name, target slot, sticky settings, app settings, connection strings, managed identity assignments, deployment package, host state, warmup path, and swap preview behavior. Operators inspect it with az functionapp deployment slot output, app settings, deployment history, Application Insights traces, Activity Log entries, slot URLs, health probes, and release pipeline records.
- Security
- Security for Function deployment slot starts with slot-specific settings, publishing credentials, managed identity, function keys, storage connections, Key Vault references, deployment permissions, public slot endpoints, and whether secrets follow the intended slot. Review who can create, update, list, rotate, swap, publish, replicate, read diagnostics, or use the resource. Prefer Microsoft Entra ID, managed identity, least privilege, private networking, secure transfer, and audited automation where the service supports them. Keep secrets out of code and avoid public exposure unless a documented exception exists. Capture role assignments, Activity Log entries, diagnostic settings, policy decisions, and owner approvals so access and data handling are intentional.
- Cost
- Cost for Function deployment slot is driven by additional app instances, Premium or Dedicated capacity, monitoring volume, duplicated dependencies, idle staging slots, failed releases, and time spent reconciling settings after a swap. The expensive mistake is not only Azure consumption; it can also be failed releases, duplicate environments, over-retained images, unnecessary diagnostic volume, idle premium capacity, emergency support, or cleanup after weak design evidence. Review whether the workload truly needs the selected tier, replicas, runtime plan, retention, redundancy, access tier, monitoring, or automation pattern. Use tags, budgets, alerts, and cleanup reviews so teams can explain why the design exists. Review owner, scope, evidence, dependencies, and rollback before production change.
- Reliability
- Reliability for Function deployment slot depends on slot warmup, sticky settings, swap timing, host startup, trigger synchronization, dependency readiness, rollback path, and differences between staging and production configuration. A resource can exist and still fail the business workflow if versioning, slot state, runtime support, trigger health, image replication, storage redundancy, network rules, or downstream services are wrong. Test failure modes, deployment behavior, rollback steps, monitoring signals, and maintenance windows before relying on the design. During incidents, compare logs, metrics, configuration, deployment history, and application traces from the same time window before changing production. Review owner, scope, evidence, dependencies, and rollback before production change.
- Performance
- Performance for Function deployment slot depends on cold start, warmup behavior, package size, trigger synchronization, dependency initialization, App Insights overhead, hosting plan capacity, and latency before and after a swap. Measure platform metrics and workload completion times because a healthy control-plane response does not prove users received the right result. Test with realistic regions, data sizes, package sizes, image replication, trigger load, identity paths, network routes, cache state, and downstream limits. When performance regresses, compare configuration changes, resource limits, client logs, diagnostic data, and workload timing before adding capacity or blaming one service. Review owner, scope, evidence, dependencies, and rollback before production change.
- Operations
- Operations for Function deployment slot require slot inventories, release approvals, pre-swap tests, post-swap checks, rollback commands, setting comparisons, pipeline evidence, and incident notes tied to the exact slot. Before a change, capture read-only CLI output, portal evidence when useful, owner tags, dependency lists, expected behavior, and rollback steps. During incidents, avoid changing several settings at once; compare metrics, logs, deployment operations, identity evidence, network state, and downstream health first. Keep runbooks clear enough for support teams to verify current behavior quickly. Good operations make the term observable, reviewable, and recoverable during releases, audits, and incidents. Review owner, scope, evidence, dependencies, and rollback before production change.
Common mistakes
- Treating Function deployment slot as a simple label instead of checking live scope, owner, dependencies, and current configuration.
- Running a mutating command for Function deployment slot in the wrong subscription, resource group, app, gallery, image, or storage account context.
- Assuming successful deployment proves Function deployment slot works without checking logs, metrics, user behavior, and rollback evidence.