Glad it helped

Glad you enjoyed it! Thank You!

Thanks for watching Sathish. Sure 👍, I have plans for the same and I will be creating more videos for everyone to benefit.

You are very welcome. That is so kind of you :)

As the Endpoints are enabled on subnets configured in Azure virtual networks, they can't be used for traffic from your on-premises to Azure services over public internet. When you say you have an app gateway, do you mean it is enabled for service endpoints from within vNet? I am asking because Service Endpoints can't be enabled for app gateway. In case that is not the case, you can have users reach the PaaS service behind service endpoints from App Gateway by configuring the backend pool to reach the service's private IP addresses. Hope this helps.

Hello Kalyan, In case you wish to restrict public access, I would suggest you to go with Private endpoints. Also, you can implement access restriction from inside Networking under settings inside App Services. There is also another Networking link, which is in Preview. This will also help in performing access restrictions. When you use Private Endpoints, you will have to create the Private DNS Zone. Refer to Microsoft Docs on Private DNS Zone and Private Links. Hope this helps.

Good Thought! Azure AD Domain Service acts as a DNS Server and is a replacement for the internal default DNS Server. Azure DNS Private Zone also provides the DNS functionality. What you have mentioned should ideally work, but I have not tested it myself.

@@AzureTrainingSeries It works well with Azure DNS Private Zone . Add A record for your private Endpoint URL in DNS private Zone .I have tested also.

First, accept my apologies for responding late. I was traveling for business and did not have time to respond to the queries posted here. Yes, each resource can have their own Private IP address. Then you can go to the resource and define what all resources can connect to it. You can also have service endpoints defined for the subnet having the resources with private IP address within it's range. Hope it helps.

Thank you! Cheers!

Hi Vivek, Apologies for the delayed response as I was in a training. I have understood your question, but unfortunately, I have not undergone that use case. I will try to replicate your scenario and will then respond to your query. Meanwhile, can you please share more on your implementation steps?

Please accept my apologies for the delayed response. I was not well. To start with, Virtual Network (VNet) integration for an Azure service enables you to lock down access to the service to only your virtual network infrastructure. It provides Azure services the benefits of network isolation. Azure services with Private Endpoint allows only inbound access. For the outbound calls, VNet integration is needed. PE only brings your Azure resource within your VNet and enforces inbound access policies. So in essence, it does use the other IP address to access resources withig the same VNet.

Hello Sagar, you can use the Set-AzureRmAppServicePlan command to do that. Now you can use the Az module instead of AzureRm module. You will have to do some research on that part. Hope this helps.

Thanks for watching the video. That's a good question and a tricky one. There is a very good documentation from Microsoft explaining the networking features. Below is the link to the same. Also, If you click on the properties for the app services web app, it shows the outbound IP addresses as well as additional outbound IP addresses. docs.microsoft.com/en-us/azure/app-service/networking-features Hope this helps. Please let me know. Regards, Neeraj

Thank you so much for your feedback, Rahul. I will definitely keep that in mind going forward.

Virtual Network integration provides network isolation for your Azure service and is needed when you wish to lock down access to that service to only your virtual network infrastructure. When we say Virtual Network Infrastructure, it also includes the peered virtual networks and on-premises networks. It also enables access from your Azure services to the resources within the virtual network infrastructure. VNet integration provides Azure services the benefits of network isolation and one of the ways to accomplish is by using Private Endpoints. Hope it is clear now.

@@AzureTrainingSeries thanks!

Great question. You are right. We can have a single subnet, but it is better to have separation of concerns, meaning, different types of resources have different subnets. This helps in multiple ways. One example could be in case for subnets having VMs you may wish to implement NSG with certain set of security rules, which might not be needed for other resources.. It also makes it easier to manage as you are aware which subnet belongs to which resource. Hope this helps

@@AzureTrainingSeries got it, thank you!

Hello Anmol, what you have suggested makes complete sense and is possible and we can register our application, but for scenarios where we do not have the S2S/P2S setup, it will not work as we do not want to have a public endpoint. Also, in my case, the application does not have AD authentication, it has Forms Based Authentication. Hope it helps.

Hello, Although no one has ever reported issues, but everyone's situation is unique :) Wanted to check how are you deploying your application. Can you confirm if you are also connected to the VPN when deploying the app?

@@AzureTrainingSeries Thank you for the quick response. No, I'm not using vpn while deployment.

Sure. Thanks for the feedback.

Thank you for your feedback. I will keep this in mind from next time onwards.