Overview:

A significant part of a website’s functionality often involves outbound connectivity to dependencies like database, API, etc. Azure App Services have default outbound connectivity to the public Internet using its pool of outbound IPs and a capability to integrate with a VNET to achieve connectivity into a private network, including on-prem.

Two options for VNET integration in multi-tenant App Service currently exist:

• Point-to-site VPN Gateway required VNET integration: https://docs.microsoft.com/en-us/azure/app-service/web-sites-integrate-with-vnet#gateway-required-vnet-integration
• Regional (preview) VNET integration: https://docs.microsoft.com/en-us/azure/app-service/web-sites-integrate-with-vnet#regional-vnet-integration
• (non-multitenant) ASE: https://docs.microsoft.com/en-us/azure/app-service/environment/app-service-app-service-environment-network-architecture-overview

I will not discuss these options in great detail here, but instead focus on how to troubleshoot general outbound connectivity issues to both public and private endpoints.