Service Endpoints for Microsoft.Web: Secure access between App Gateway and Web Apps

A recent addition to Service Endpoints support is Microsoft.Web. Exactly as Service Endpoints for Azure Storage and Azure SQL allowed private access from a subnet to those PaaS services, Microsoft.Web Service Endpoints finally allows simple secure access to a backend App Service.

There are two parts to this setup:

  • Service Endpoints for Microsoft.Web must be enabled on the Application Gateway’s subnet
  • This subnet must be whitelisted in the Access Restrictions configuration for the backend Web App