State or territory for app service domain registration in Azure

Categories: Azure
Some things in Azure are harder than they should be. Here we are discussing why "state or territory" as part of your contact information during an app service domain registration is not so straightforward, and how we can pass validation when creating a new app service domain.

The problem

Registering a new app service domain on Azure is fairly straightforward. You enter the subscription, the resource group, the domain and your contact information.

You can choose to privatize your contact information, in which case your contact info is owned by and replaced in WHOIS.

You can also create an app service domain with an ARM template. Doing this via the Azure Resource Explorer is easy. I recommend checking the template + parameters that you can download in the review + create step in the Azure portal.

This works quite well, however there is one problem: the state or territory is not free text and will most likely not pass validation if you enter the full name. You will see the following error message during validation:

Doing the domain registration with an ARM template results in the same error:

Why does this happen?

Looking at the ICANN resources, the reason why this happens is because the state or territory has to match a ISO 3166-2 subdivision category code. You can easily find the subdivision code for your state or territory here: But wait, we’re not done yet! Apparently when doing the domain registration via Azure we have to omit the Country code. The state has to exist in the country, and it should not be a parent subdivision (e.g. Vlaams Gewest is not accepted).
Examples of valid information:

Examples of invalid information:

This all makes sense when you know it. However I could not find any articles that talk about this. Not even the Bicep & ARM documentation specifies these rules and I believe this could be much better documented.

Final notes

You can own up to 20 app service domains per Azure subscription at a time. If you delete the resource (or click “cancel purchase” in the resource overview, which is equivalent) within 5 days then you will not be charged. Also, if you accidentally delete an already purchased domain you can recreate it and will not be charged if you do so within 7 days of deletion. Interestingly, some of the validation rules (like the one discussed here) are completely disregarded when recreating it! This is most likely because the domain has not started the deletion process yet and just gets "reactivated".