more edits

Author: v-thepet

articles/app-service/deploy-ftp.md

@@ -1,5 +1,5 @@
 ---
-title: Deploy content using FTP
+title: Deploy content using FTP/S
 description: Learn how to deploy your app to Azure App Service using FTP or FTPS, and improve website security by disabling unencrypted FTP.
 
 ms.assetid: ae78b410-1bc0-4d72-8fc4-ac69801247ae
@@ -9,42 +9,40 @@ author: cephalin
 ms.author: cephalin
 ---
 
-# Deploy your app to Azure App Service using FTP
+# Deploy your app to Azure App Service using FTP/S
 
-This article shows you how to use File Transfer Protocol (FTP) or File Transfer Protocol Secure (FTPS) to deploy your web app, mobile app backend, or API app to [Azure App Service](overview.md). No configuration is necessary to enable FTP or FTPS app deployment. The FTP endpoint for your app is already active.
-
-FTPS is a more secure form of FTP that uses Transport Layer Security (TLS) and Secure Sockets Layer (SSL). This article uses *FTP* to indicate both forms unless otherwise specified. For more information, see [Enforce FTPS](#enforce-ftps).
+This article shows you how to use File Transfer Protocol (FTP) or File Transfer Protocol Secure (FTPS) to deploy your web app, mobile app backend, or API app to [Azure App Service](overview.md). No configuration is necessary to enable FTP or FTPS app deployment. The FTP/S endpoint for your app is already active.
 
 > [!NOTE]
-> Both SCM Basic Auth Publishing Credentials and FTP Basic Auth Publishing Credentials must be enabled for FTP deployment to work. When [basic authentication is disabled](configure-basic-auth-disable.md), FTP deployment doesn't work, and you can't view or configure FTP credentials in the app's **Deployment Center**.
+> Both SCM Basic Auth Publishing Credentials and FTP Basic Auth Publishing Credentials must be enabled for FTP/S deployment to work. When [basic authentication is disabled](configure-basic-auth-disable.md), FTP/S deployment doesn't work, and you can't view or configure FTP/S credentials in the app's **Deployment Center**.
 
 ## Get deployment credentials
 
-To get credentials for deployment, follow the instructions at [Configure deployment credentials for Azure App Service](deploy-configure-credentials.md). Copy the application-scope credentials for your app, or set and copy user-scope credentials. You can connect to your app's FTP endpoint by using either set of credentials.
+To get credentials for deployment, follow the instructions at [Configure deployment credentials for Azure App Service](deploy-configure-credentials.md). Copy the application-scope credentials for your app, or set and copy user-scope credentials. You can connect to your app's FTP/S endpoint by using either set of credentials.
 
-For application-scope credentials, the FTP username format is `<app-name>\$<app-name>`. For user-scope credentials, the FTP username format is `<app-name>\<username>`. The App Service FTP endpoint is shared among apps, and because user-scope credentials aren't linked to a specific resource, you must prepend the username with the app name.
+For application-scope credentials, the FTP/S username format is `<app-name>\$<app-name>`. For user-scope credentials, the FTP/S username format is `<app-name>\<username>`. App Service FTP/S endpoints are shared among apps, and because user-scope credentials aren't linked to a specific resource, you must prepend the username with the app name.
 
 ## Get the FTP endpoint
 
-To get the FTP endpoint:
+To get the FTP/S endpoint:
 
 # [Azure portal](#tab/portal)
 
 On the [Azure portal](https://portal.azure.com) page for your app, select **Deployment Center** under **Deployment** in the left navigation menu. On the **FTPS Credentials** tab, copy the **FTPS Endpoint** URL.
 
 # [Azure CLI](#tab/cli)
 
-Run the following [az webapp deployment list-publishing-profiles](/cli/azure/webapp/deployment#az-webapp-deployment-list-publishing-profiles) command, replacing the `<app-name>` and `<resource-group-name>` with your values. The following example uses a [JMESPath query](/cli/azure/query-azure-cli) to extract the FTP endpoints from the output.
+Run the following [az webapp deployment list-publishing-profiles](/cli/azure/webapp/deployment#az-webapp-deployment-list-publishing-profiles) command, replacing the `<app-name>` and `<resource-group-name>` with your values. The following example uses a [JMESPath query](/cli/azure/query-azure-cli) to extract the FTP/S endpoints from the output.
 
 ```azurecli-interactive
 az webapp deployment list-publishing-profiles --name <app-name> --resource-group <resource-group-name> --query "[?ends_with(profileName, 'FTP')].{profileName: profileName, publishUrl: publishUrl}"
 ```
 
-Each app has two FTP endpoints, read-write and read-only. The read-only endpoint has a `profileName` containing `ReadOnly` and is for data-recovery scenarios. For FTP deployment, copy the read-write URL.
+Each app has two FTP/S endpoints, read-write and read-only. The read-only endpoint has a `profileName` containing `ReadOnly` and is for data-recovery scenarios. For FTP/S deployment, copy the read-write URL.
 
 # [Azure PowerShell](#tab/powershell)
 
-Run the following [Get-AzWebAppPublishingProfile](/powershell/module/az.websites/get-azwebapppublishingprofile) command, replacing the `<app-name>` and `<resource-group-name>` with your values. The following example extracts the FTP endpoint from the XML output.
+Run the following [Get-AzWebAppPublishingProfile](/powershell/module/az.websites/get-azwebapppublishingprofile) command, replacing the `<app-name>` and `<resource-group-name>` with your values. The following example extracts the FTP/S endpoint from the XML output.
 
 ```azurepowershell-interactive
 $xml = [xml](Get-AzWebAppPublishingProfile -Name <app-name> -ResourceGroupName <resource-group-name> -OutputFile null)
@@ -55,14 +53,14 @@ $xml.SelectNodes("//publishProfile[@publishMethod=`"FTP`"]/@publishUrl").value
 
 ## Deploy files to Azure
 
-To deploy files to Azure with FTP:
+To deploy files to Azure with FTP/S:
 
-1. From your FTP client such as [Visual Studio](https://www.visualstudio.com/vs/community/), [Cyberduck](https://cyberduck.io/), or [WinSCP](https://winscp.net/index.php), use your connection information to connect to your app.
+1. From your FTP/S client such as [Visual Studio](https://www.visualstudio.com/vs/community/), [Cyberduck](https://cyberduck.io/), or [WinSCP](https://winscp.net/index.php), use your connection information to connect to your app.
 1. Copy your files and their directory structure to the [/site/wwwroot](https://github.com/projectkudu/kudu/wiki/File-structure-on-azure) directory in Azure or the */site/wwwroot/App_Data/Jobs/* directory for WebJobs.
 1. Browse to your app's URL to verify the app is running properly.
 
 > [!NOTE] 
-> Unlike [local Git deployment](deploy-local-git.md) and [ZIP deployment](deploy-zip.md), FTP deployment doesn't support build automation such as: 
+> Unlike [local Git deployment](deploy-local-git.md) and [ZIP deployment](deploy-zip.md), FTP/S deployment doesn't support build automation such as: 
 > - Restoring dependencies like NuGet, NPM, PIP, and Composer automation.
 > - Compiling .NET binaries.
 > - Generating a *web.config* file.
@@ -71,7 +69,7 @@ To deploy files to Azure with FTP:
 
 ## Enforce FTPS
 
-For enhanced security, you should enforce FTPS over TLS/SSL only. You can also disable both FTP and FTPS if you don't use FTP deployment.
+FTPS is a more secure form of FTP that uses Transport Layer Security (TLS) and Secure Sockets Layer (SSL). For enhanced security, you should enforce FTPS over TLS/SSL. You can also disable both FTP and FTPS if you don't use FTP deployment.
 
 To disable unencrypted FTP:
 
@@ -81,7 +79,7 @@ To disable unencrypted FTP:
 
 1. On the **General settings** tab of the **Configuration** page, under **Platform settings**, select **FTPS only** for **FTP state**. Or to disable both FTP and FTPS entirely, select **Disabled**.
 
-   ![Screenshot that shows setting FTP state to FTPS only.](./media/app-service-deploy-ftp/disable-ftp.png)
+   [ ![Screenshot that shows setting FTP state to FTPS only.](./media/app-service-deploy-ftp/disable-ftp.png) ](./media/app-service-deploy-ftp/disable-ftp.png#lightbox)
 
 1. If you select **FTPS only**, be sure TLS 1.2 or higher is enforced for **Minimum Inbound TLS Settings**. TLS 1.0 and 1.1 aren't supported for **FTPS only**.
 
@@ -105,58 +103,58 @@ Set-AzWebApp -Name <app-name> -ResourceGroupName <-resource-group-name> -FtpsSta
 
 -----
 
-## Troubleshoot FTP deployment
+## Troubleshoot FTP/S deployment
 
-- [How can I connect to FTP in App Service via passive mode?](#how-can-i-connect-to-ftp-in-azure-app-service-via-passive-mode)
+- [How can I connect to FTP/S in App Service via passive mode?](#how-can-i-connect-to-ftps-in-azure-app-service-via-passive-mode)
 - [How can I determine what method was used to deploy my app?](#how-can-i-determine-what-method-was-used-to-deploy-my-app)
 - [What can happen to my app during deployment?](#what-can-happen-to-my-app-during-deployment)
-- [What's the first step in troubleshooting FTP deployment?](#whats-the-first-step-in-troubleshooting-ftp-deployment)
-- [Why can't I FTP and publish my code?](#why-cant-i-ftp-and-publish-my-code)
+- [What's the first step in troubleshooting FTP/S deployment?](#whats-the-first-step-in-troubleshooting-ftps-deployment)
+- [Why can't I FTP/S and publish my code?](#why-cant-i-ftps-and-publish-my-code)
 - [Why does my connection fail when attempting to connect over FTPS using explicit encryption?](#why-does-my-connection-fail-when-attempting-to-connect-over-ftps-using-explicit-encryption)
 
-### How can I connect to FTP in Azure App Service via passive mode?
+### How can I connect to FTP/S in Azure App Service via passive mode?
 
 Azure App Service supports connecting via both active and passive modes. Passive mode is preferred because deployment machines are usually behind a firewall in the operating system or as part of a home or business network. For an example of a passive mode connection, see [The Connection Page (Advanced Site Settings dialog)](https://winscp.net/docs/ui_login_connection).
 
 ### How can I determine what method was used to deploy my app?
 
 You can find out how an app was deployed by checking the application settings under **Settings** > **Environmental variables** in the Azure portal. Select the **App settings** tab.
 
-- If the app was deployed using an external package URL, you see the `WEBSITE_RUN_FROM_PACKAGE` setting in the application settings with a URL value.
-- If the app was deployed using ZIP deploy, you see the `WEBSITE_RUN_FROM_PACKAGE` setting with a value of `1`.
+- If the app was deployed using an external package URL the `WEBSITE_RUN_FROM_PACKAGE` setting appears in the application settings with a URL value.
+- If the app was deployed using ZIP deploy, the `WEBSITE_RUN_FROM_PACKAGE` setting appears with a value of `1`.
 
 If the app was deployed using Azure DevOps, you can see the deployment history in the Azure DevOps portal. If Azure Functions Core Tools was used, you can see the deployment history in the Azure portal.
 
 <a name="what-can-happen-to-my-app-during-deployment"></a>
 [!INCLUDE [What can happen to my app during deployment?](../../includes/app-service-deploy-atomicity.md)]
 
-### What's the first step in troubleshooting FTP deployment?
+### What's the first step in troubleshooting FTP/S deployment?
 
-The first step for troubleshooting FTP deployment is distinguishing between deployment issues and runtime application issues.
+The first step for troubleshooting FTP/S deployment is distinguishing between deployment issues and runtime application issues.
 
-- A deployment issue typically results in no files or wrong files deployed to your app. You can troubleshoot by investigating your FTP deployment or selecting an alternate deployment path, such as source control.
+- A deployment issue typically results in no files or wrong files deployed to your app. You can troubleshoot by investigating your FTP/S deployment or selecting an alternate deployment path, such as source control.
 
 - A runtime application issue typically results in the right files deployed to your app but incorrect app behavior. You can troubleshoot by focusing on code behavior at runtime and investigating specific failure paths.
 
 For more information, see [Deployment vs. runtime issues](https://github.com/projectkudu/kudu/wiki/Deployment-vs-runtime-issues).
 
 ### Why can't I FTP and publish my code?
 
-Check that you entered the correct [hostname](#get-ftp-endpoint) and [credentials](#get-deployment-credentials). Check also that the following FTP ports on your machine aren't blocked by a firewall:
+Check that you entered the correct [hostname](#get-ftp-endpoint) and [credentials](#get-deployment-credentials). Check also that the following FTP/S ports on your machine aren't blocked by a firewall:
 
-- FTP control connection port: 21, 990
-- FTP data connection port: 989, 10001-10300
+- FTP/S control connection port: 21, 990
+- FTP/S data connection port: 989, 10001-10300
 
 ### Why does my connection fail when attempting to connect over FTPS using explicit encryption?
 
-FTPS allows establishing an Explicit or Implicit TLS secure connection.
+FTPS allows establishing an explicit or implicit TLS secure connection.
 
- - If you connect with Explicit encryption, the connection is established via port 21.
- - If you connect with Implicit encryption, the connection is established via port 990.
+ - If you connect with explicit encryption, the connection is established via port **21**.
+ - If you connect with implicit encryption, the connection is established via port **990**.
 
-The URL format you use can affect your connection success, depending on your client application. The portal might show the URL as `ftps://`, but if the URL you connect with starts with `ftp://`, the connection is implied to be on port 21. If the URL starts with `ftps://`, the connection is implied to be Implicit and on port 990.
+The URL format you use can affect your connection success, depending on your client application. The portal might show the URL as `ftps://`, but if the URL you connect with starts with `ftp://`, the connection is implied to be on port **21**. If the URL starts with `ftps://`, the connection is implied to be implicit and on port **990**.
 
-Make sure not to mix the settings, such as attempting to connect to `ftps://` by using port 21. This setting fails to connect even by using Explicit encryption, because an Explicit connection starts as a plain FTP connection before the `AUTH` method.
+Make sure not to mix the settings, such as attempting to connect to `ftps://` by using port **21**. This setting fails to connect even by using explicit encryption, because an explicit connection starts as a plain FTP connection before the `AUTH` method.
 
 ## Related resources