Managed Environments - List By Resource Group
Get all the Environments in a resource group.
Get all the Managed Environments in a resource group.
GET https://management.azure.com/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.App/managedEnvironments?api-version=2026-01-01URI Parameters
| Name | In | Required | Type | Description |
|---|---|---|---|---|
|
resource
|
path | True |
string minLength: 1maxLength: 90 |
The name of the resource group. The name is case insensitive. |
|
subscription
|
path | True |
string minLength: 1 |
The ID of the target subscription. |
|
api-version
|
query | True |
string minLength: 1 |
The API version to use for this operation. |
Responses
| Name | Type | Description |
|---|---|---|
| 200 OK |
OK |
|
| Other Status Codes |
Common error response. |
Security
azure_auth
Azure Active Directory OAuth2 Flow
Type:
oauth2
Flow:
implicit
Authorization URL:
https://login.microsoftonline.com/common/oauth2/authorize
Scopes
| Name | Description |
|---|---|
| user_impersonation | impersonate your user account |
Examples
List environments by resource group
Sample request
GET https://management.azure.com/subscriptions/8efdecc5-919e-44eb-b179-915dca89ebf9/resourceGroups/examplerg/providers/Microsoft.App/managedEnvironments?api-version=2026-01-01
Sample response
{
"value": [
{
"id": "/subscriptions/8efdecc5-919e-44eb-b179-915dca89ebf9/resourceGroups/examplerg/providers/Microsoft.App/managedEnvironments/jlaw-demo1",
"name": "jlaw-demo1",
"type": "Microsoft.App/managedEnvironments",
"location": "North Central US",
"tags": {},
"properties": {
"provisioningState": "Succeeded",
"deploymentErrors": null,
"defaultDomain": "jlaw-demo1.k4apps.io",
"staticIp": "20.42.33.145",
"appLogsConfiguration": null,
"zoneRedundant": true,
"vnetConfiguration": {
"infrastructureSubnetId": "/subscriptions/34adfa4f-cedf-4dc0-ba29-b6d1a69ab345/resourceGroups/RGName/providers/Microsoft.Network/virtualNetworks/VNetName/subnets/subnetName1"
},
"customDomainConfiguration": {
"customDomainVerificationId": "custom domain verification id",
"dnsSuffix": "www.my-name.com",
"subjectName": "CN=www.my-name.com",
"expirationDate": "2022-11-06T04:00:00Z",
"thumbprint": "CERTIFICATE_THUMBPRINT"
},
"eventStreamEndpoint": "testEndpoint",
"workloadProfiles": [
{
"name": "My-GP-01",
"workloadProfileType": "GeneralPurpose",
"minimumCount": 3,
"maximumCount": 12
},
{
"name": "My-MO-01",
"workloadProfileType": "MemoryOptimized",
"minimumCount": 3,
"maximumCount": 6
},
{
"name": "My-CO-01",
"workloadProfileType": "ComputeOptimized",
"minimumCount": 3,
"maximumCount": 6
},
{
"name": "My-consumption-01",
"workloadProfileType": "Consumption"
}
],
"ingressConfiguration": {
"workloadProfileName": "My-GP-01",
"terminationGracePeriodSeconds": 600,
"headerCountLimit": 50,
"requestIdleTimeout": null
},
"infrastructureResourceGroup": "capp-svc-jlaw-demo1-northcentralus"
}
},
{
"id": "/subscriptions/8efdecc5-919e-44eb-b179-915dca89ebf9/resourceGroups/examplerg/providers/Microsoft.App/managedEnvironments/demo1",
"name": "demo1",
"type": "Microsoft.App/managedEnvironments",
"location": "North Central US",
"tags": {},
"properties": {
"provisioningState": "Succeeded",
"deploymentErrors": null,
"defaultDomain": "demo1.k4apps.io",
"staticIp": "52.142.21.61",
"appLogsConfiguration": null,
"zoneRedundant": true,
"customDomainConfiguration": {
"customDomainVerificationId": "custom domain verification id",
"dnsSuffix": "www.my-name2.com",
"subjectName": "CN=www.my-name2.com",
"expirationDate": "2022-11-06T04:00:00Z",
"thumbprint": "CERTIFICATE_THUMBPRINT"
},
"eventStreamEndpoint": "testEndpoint",
"vnetConfiguration": {
"infrastructureSubnetId": "/subscriptions/34adfa4f-cedf-4dc0-ba29-b6d1a69ab345/resourceGroups/RGName/providers/Microsoft.Network/virtualNetworks/VNetName/subnets/subnetName1"
},
"ingressConfiguration": null,
"infrastructureResourceGroup": "capp-svc-demo1-northcentralus"
}
}
]
}Definitions
| Name | Description |
|---|---|
|
App |
Configuration of application logs |
|
Certificate |
Properties for a certificate stored in a Key Vault. |
|
created |
The type of identity that created the resource. |
|
Custom |
Configuration properties for apps environment custom domain |
|
Dapr |
Configuration properties Dapr component |
| Encryption |
Peer traffic encryption settings for the Managed Environment |
|
Environment |
Provisioning state of the Environment. |
|
Error |
The resource management error additional info. |
|
Error |
The error detail. |
|
Error |
Error response |
|
Ingress |
Settings for the ingress component, including workload profile, scaling, and connection handling. |
|
Keda |
Configuration properties Keda component |
|
Log |
Log Analytics configuration, must only be provided when destination is configured as 'log-analytics' |
|
Managed |
An environment for hosting container apps |
|
Managed |
Collection of Environments |
|
Managed |
Managed service identity (system assigned and/or user assigned identities) |
|
Managed |
Type of managed service identity (where both SystemAssigned and UserAssigned types are allowed). |
| Mtls |
Configuration properties for mutual TLS authentication |
|
Peer |
Peer authentication settings for the Managed Environment |
|
Peer |
Peer traffic settings for the Managed Environment |
|
Private |
The Private Endpoint resource. |
|
Private |
The Private Endpoint Connection resource. |
|
Private |
The current provisioning state. |
|
Private |
The private endpoint connection status. |
|
Private |
A collection of information about the state of the connection between service consumer and provider. |
|
Public |
Property to allow or block all public traffic. Allowed Values: 'Enabled', 'Disabled'. |
|
system |
Metadata pertaining to creation and last modification of the resource. |
|
User |
User assigned identity properties |
|
Vnet |
Configuration properties for apps environment to join a Virtual Network |
|
Workload |
Workload profile to scope container app execution. |
AppLogsConfiguration
Configuration of application logs
| Name | Type | Description |
|---|---|---|
| destination |
string |
Logs destination, can be 'log-analytics', 'azure-monitor' or 'none' |
| logAnalyticsConfiguration |
Log Analytics configuration, must only be provided when destination is configured as 'log-analytics' |
CertificateKeyVaultProperties
Properties for a certificate stored in a Key Vault.
| Name | Type | Description |
|---|---|---|
| identity |
string |
Resource ID of a managed identity to authenticate with Azure Key Vault, or System to use a system-assigned identity. |
| keyVaultUrl |
string (uri) |
URL pointing to the Azure Key Vault secret that holds the certificate. |
createdByType
The type of identity that created the resource.
| Value | Description |
|---|---|
| User | |
| Application | |
| ManagedIdentity | |
| Key |
CustomDomainConfiguration
Configuration properties for apps environment custom domain
| Name | Type | Description |
|---|---|---|
| certificateKeyVaultProperties |
Certificate stored in Azure Key Vault. |
|
| certificatePassword |
string |
Certificate password |
| certificateValue |
string (byte) |
PFX or PEM blob |
| customDomainVerificationId |
string |
Id used to verify domain name ownership |
| dnsSuffix |
string |
Dns suffix for the environment domain |
| expirationDate |
string (date-time) |
Certificate expiration date. |
| subjectName |
string |
Subject name of the certificate. |
| thumbprint |
string |
Certificate thumbprint. |
DaprConfiguration
Configuration properties Dapr component
| Name | Type | Description |
|---|---|---|
| version |
string |
The version of Dapr |
Encryption
Peer traffic encryption settings for the Managed Environment
| Name | Type | Description |
|---|---|---|
| enabled |
boolean |
Boolean indicating whether the peer traffic encryption is enabled |
EnvironmentProvisioningState
Provisioning state of the Environment.
| Value | Description |
|---|---|
| Succeeded | |
| Failed | |
| Canceled | |
| Waiting | |
| InitializationInProgress | |
| InfrastructureSetupInProgress | |
| InfrastructureSetupComplete | |
| ScheduledForDelete | |
| UpgradeRequested | |
| UpgradeFailed |
ErrorAdditionalInfo
The resource management error additional info.
| Name | Type | Description |
|---|---|---|
| info |
object |
The additional info. |
| type |
string |
The additional info type. |
ErrorDetail
The error detail.
| Name | Type | Description |
|---|---|---|
| additionalInfo |
The error additional info. |
|
| code |
string |
The error code. |
| details |
The error details. |
|
| message |
string |
The error message. |
| target |
string |
The error target. |
ErrorResponse
Error response
| Name | Type | Description |
|---|---|---|
| error |
The error object. |
IngressConfiguration
Settings for the ingress component, including workload profile, scaling, and connection handling.
| Name | Type | Description |
|---|---|---|
| headerCountLimit |
integer (int32) |
Maximum number of headers per request allowed by the ingress. Must be at least 1. Defaults to 100. |
| requestIdleTimeout |
integer (int32) |
Duration (in minutes) before idle requests are timed out. Must be between 4 and 30 inclusive. Defaults to 4 minutes. |
| terminationGracePeriodSeconds |
integer (int32) |
Time (in seconds) to allow active connections to complete on termination. Must be between 0 and 3600. Defaults to 480 seconds. |
| workloadProfileName |
string |
Name of the workload profile used by the ingress component. Required. |
KedaConfiguration
Configuration properties Keda component
| Name | Type | Description |
|---|---|---|
| version |
string |
The version of Keda |
LogAnalyticsConfiguration
Log Analytics configuration, must only be provided when destination is configured as 'log-analytics'
| Name | Type | Description |
|---|---|---|
| customerId |
string |
Log analytics customer id |
| sharedKey |
string |
Log analytics customer key |
ManagedEnvironment
An environment for hosting container apps
| Name | Type | Description |
|---|---|---|
| id |
string (arm-id) |
Fully qualified resource ID for the resource. E.g. "/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{resourceProviderNamespace}/{resourceType}/{resourceName}" |
| identity |
Managed identities for the Managed Environment to interact with other Azure services without maintaining any secrets or credentials in code. |
|
| kind |
string |
Kind of the Environment. |
| location |
string |
The geo-location where the resource lives |
| name |
string |
The name of the resource |
| properties.appLogsConfiguration |
Cluster configuration which enables the log daemon to export app logs to configured destination. |
|
| properties.customDomainConfiguration |
Custom domain configuration for the environment |
|
| properties.daprAIConnectionString |
string |
Application Insights connection string used by Dapr to export Service to Service communication telemetry |
| properties.daprAIInstrumentationKey |
string |
Azure Monitor instrumentation key used by Dapr to export Service to Service communication telemetry |
| properties.daprConfiguration |
The configuration of Dapr component. |
|
| properties.defaultDomain |
string |
Default Domain Name for the cluster |
| properties.deploymentErrors |
string |
Any errors that occurred during deployment or deployment validation |
| properties.eventStreamEndpoint |
string |
The endpoint of the eventstream of the Environment. |
| properties.infrastructureResourceGroup |
string |
Name of the platform-managed resource group created for the Managed Environment to host infrastructure resources. If a subnet ID is provided, this resource group will be created in the same subscription as the subnet. |
| properties.ingressConfiguration |
Ingress configuration for the Managed Environment. |
|
| properties.kedaConfiguration |
The configuration of Keda component. |
|
| properties.peerAuthentication |
Peer authentication settings for the Managed Environment |
|
| properties.peerTrafficConfiguration |
Peer traffic settings for the Managed Environment |
|
| properties.privateEndpointConnections |
Private endpoint connections to the resource. |
|
| properties.provisioningState |
Provisioning state of the Environment. |
|
| properties.publicNetworkAccess |
Property to allow or block all public traffic. Allowed Values: 'Enabled', 'Disabled'. |
|
| properties.staticIp |
string |
Static IP of the Environment |
| properties.vnetConfiguration |
Vnet configuration for the environment |
|
| properties.workloadProfiles |
Workload profiles configured for the Managed Environment. |
|
| properties.zoneRedundant |
boolean |
Whether or not this Managed Environment is zone-redundant. |
| systemData |
Azure Resource Manager metadata containing createdBy and modifiedBy information. |
|
| tags |
object |
Resource tags. |
| type |
string |
The type of the resource. E.g. "Microsoft.Compute/virtualMachines" or "Microsoft.Storage/storageAccounts" |
ManagedEnvironmentsCollection
Collection of Environments
| Name | Type | Description |
|---|---|---|
| nextLink |
string |
Link to next page of resources. |
| value |
Collection of resources. |
ManagedServiceIdentity
Managed service identity (system assigned and/or user assigned identities)
| Name | Type | Description |
|---|---|---|
| principalId |
string (uuid) |
The service principal ID of the system assigned identity. This property will only be provided for a system assigned identity. |
| tenantId |
string (uuid) |
The tenant ID of the system assigned identity. This property will only be provided for a system assigned identity. |
| type |
Type of managed service identity (where both SystemAssigned and UserAssigned types are allowed). |
|
| userAssignedIdentities |
<string,
User |
User-Assigned Identities |
ManagedServiceIdentityType
Type of managed service identity (where both SystemAssigned and UserAssigned types are allowed).
| Value | Description |
|---|---|
| None | |
| SystemAssigned | |
| UserAssigned | |
| SystemAssigned,UserAssigned |
Mtls
Configuration properties for mutual TLS authentication
| Name | Type | Description |
|---|---|---|
| enabled |
boolean |
Boolean indicating whether the mutual TLS authentication is enabled |
PeerAuthentication
Peer authentication settings for the Managed Environment
| Name | Type | Description |
|---|---|---|
| mtls |
Mutual TLS authentication settings for the Managed Environment |
PeerTrafficConfiguration
Peer traffic settings for the Managed Environment
| Name | Type | Description |
|---|---|---|
| encryption |
Peer traffic encryption settings for the Managed Environment |
PrivateEndpoint
The Private Endpoint resource.
| Name | Type | Description |
|---|---|---|
| id |
string (arm-id) |
The ARM identifier for Private Endpoint |
PrivateEndpointConnection
The Private Endpoint Connection resource.
| Name | Type | Description |
|---|---|---|
| id |
string (arm-id) |
Fully qualified resource ID for the resource. E.g. "/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{resourceProviderNamespace}/{resourceType}/{resourceName}" |
| name |
string |
The name of the resource |
| properties.groupIds |
string[] |
The group ids for the private endpoint resource. |
| properties.privateEndpoint |
The resource of private end point. |
|
| properties.privateLinkServiceConnectionState |
A collection of information about the state of the connection between service consumer and provider. |
|
| properties.provisioningState |
The provisioning state of the private endpoint connection resource. |
|
| systemData |
Azure Resource Manager metadata containing createdBy and modifiedBy information. |
|
| type |
string |
The type of the resource. E.g. "Microsoft.Compute/virtualMachines" or "Microsoft.Storage/storageAccounts" |
PrivateEndpointConnectionProvisioningState
The current provisioning state.
| Value | Description |
|---|---|
| Succeeded | |
| Failed | |
| Canceled | |
| Waiting | |
| Updating | |
| Deleting | |
| Pending |
PrivateEndpointServiceConnectionStatus
The private endpoint connection status.
| Value | Description |
|---|---|
| Pending | |
| Approved | |
| Rejected | |
| Disconnected |
PrivateLinkServiceConnectionState
A collection of information about the state of the connection between service consumer and provider.
| Name | Type | Description |
|---|---|---|
| actionsRequired |
string |
A message indicating if changes on the service provider require any updates on the consumer. |
| description |
string |
The reason for approval/rejection of the connection. |
| status |
Indicates whether the connection has been Approved/Rejected/Removed by the owner of the service. |
PublicNetworkAccess
Property to allow or block all public traffic. Allowed Values: 'Enabled', 'Disabled'.
| Value | Description |
|---|---|
| Enabled | |
| Disabled |
systemData
Metadata pertaining to creation and last modification of the resource.
| Name | Type | Description |
|---|---|---|
| createdAt |
string (date-time) |
The timestamp of resource creation (UTC). |
| createdBy |
string |
The identity that created the resource. |
| createdByType |
The type of identity that created the resource. |
|
| lastModifiedAt |
string (date-time) |
The timestamp of resource last modification (UTC) |
| lastModifiedBy |
string |
The identity that last modified the resource. |
| lastModifiedByType |
The type of identity that last modified the resource. |
UserAssignedIdentity
User assigned identity properties
| Name | Type | Description |
|---|---|---|
| clientId |
string (uuid) |
The client ID of the assigned identity. |
| principalId |
string (uuid) |
The principal ID of the assigned identity. |
VnetConfiguration
Configuration properties for apps environment to join a Virtual Network
| Name | Type | Description |
|---|---|---|
| dockerBridgeCidr |
string |
CIDR notation IP range assigned to the Docker bridge, network. Must not overlap with any other provided IP ranges. |
| infrastructureSubnetId |
string |
Resource ID of a subnet for infrastructure components. Must not overlap with any other provided IP ranges. |
| internal |
boolean |
Boolean indicating the environment only has an internal load balancer. These environments do not have a public static IP resource. They must provide infrastructureSubnetId if enabling this property |
| platformReservedCidr |
string |
IP range in CIDR notation that can be reserved for environment infrastructure IP addresses. Must not overlap with any other provided IP ranges. |
| platformReservedDnsIP |
string |
An IP address from the IP range defined by platformReservedCidr that will be reserved for the internal DNS server. |
WorkloadProfile
Workload profile to scope container app execution.
| Name | Type | Description |
|---|---|---|
| maximumCount |
integer (int32) |
The maximum capacity. |
| minimumCount |
integer (int32) |
The minimum capacity. |
| name |
string |
Workload profile type for the workloads to run on. |
| workloadProfileType |
string |
Workload profile type for the workloads to run on. |