Hi @Daniel Gauer - I did a little digging on this
My advice would be to look at container apps, if you need more then you could look at AKS/K8S (which would give more control at the cost of increase cost and complexity, significant learning curve)
Container apps supports TCP ingress, it's using envoy which (and I'm quoting) "at it's core is a L3/4 network proxy"
The IP Container Apps Env VIP (public IP) address will be static for the lifetime of the Environment - which is going to be important in your case
You don't say how you're doing auth for your devices connecting, but Container Apps supports mTLS in this scenario
One thing to be clear about here: The Envoy ingress here is using port number to route to the underlying POD (Excuse me app :) ) which means you always connect on [Env IP]:[port] where the IP is always going to be the same and the port differentiates endpoints
I would use custom public DNS name , not hard coded IP in the device config
*---
*
For the other options, container instances is really about bringing individual containers up and down on demand - a good example might be bringing up an SFTP endpoint at a certain time of day for a customer to connect then spinning it down.
Az Web apps and functions (not serverless) follow a web farm architecture - so whilst it does support containers , it's not an orchestrator and it's not really suitable (IMHO) for TCP ingress type workloads.
AKS/K8S would work - but again its a steep learning curve and complex. You do get complete control though.
I am sure you've seen it but there's a doc here that goes through comparison
If this helps you please mark as accepted as this helps others too