A recent addition to Service Endpoints support is Microsoft.Web. Exactly as Service Endpoints for Azure Storage and Azure SQL allowed private access from a subnet to those PaaS services, Microsoft.Web Service Endpoints finally allows simple secure access to a backend App Service.
There are two parts to this setup:
- Service Endpoints for Microsoft.Web must be enabled on the Application Gateway’s subnet
- This subnet must be whitelisted in the Access Restrictions configuration for the backend Web App