Web App should use private IP in a VNet with Service Endpoints
Remove the limitation that prevents us from using Web Apps with Service Endpoints to limit access to an Azure SQL database.
Limitation is described here: https://docs.microsoft.com/en-us/azure/sql-database/sql-database-vnet-service-endpoint-rule-overview?toc=%2fazure%2fvirtual-network%2ftoc.json#limitations
"A Web App can be mapped to a private IP in a VNet/subnet. Even if service endpoints are turned ON from the given VNet/subnet, connections from the Web App to the server will have an Azure public IP source, not a VNet/subnet source. To enable connectivity from a Web App to a server that has VNet firewall rules, you must Allow all Azure services on the server."
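The "Allow all Azure services" setting that the quoted limitation forces you into is visible in the server's firewall rule list as a rule whose start and end address are both 0.0.0.0. As an added example (not from the original post, the documentation, or Microsoft), here is a small Python audit over the JSON that `az sql server firewall-rule list` returns: it flags that rule and any other range wider than a chosen threshold, so a defender can see when a server is left more open than intended. The field names (`name`, `startIpAddress`, `endIpAddress`) and the rule name `AllowAllWindowsAzureIps` are assumptions about the CLI output, and the sample rules are constructed.

```python
import ipaddress
import json

# Constructed sample shaped like `az sql server firewall-rule list` output.
# Assumption: the CLI emits name/startIpAddress/endIpAddress as shown and
# represents "Allow all Azure services" as a 0.0.0.0 to 0.0.0.0 rule.
SAMPLE_RULES_JSON = """
[
  {"name": "AllowAllWindowsAzureIps", "startIpAddress": "0.0.0.0", "endIpAddress": "0.0.0.0"},
  {"name": "office-egress",           "startIpAddress": "203.0.113.10", "endIpAddress": "203.0.113.10"},
  {"name": "too-broad",               "startIpAddress": "198.51.100.0", "endIpAddress": "198.51.255.255"}
]
"""

AZURE_SERVICES_SENTINEL = "0.0.0.0"
# Any single rule admitting more than this many addresses is reported. Pick a
# threshold that matches your own egress allow-list (a /24 here, as an example).
MAX_RANGE_SIZE = 256


def rule_size(rule):
    """Number of IPv4 addresses admitted by a start/end firewall rule (inclusive)."""
    start = int(ipaddress.IPv4Address(rule["startIpAddress"]))
    end = int(ipaddress.IPv4Address(rule["endIpAddress"]))
    if end < start:
        raise ValueError("rule %r has end address before start address" % rule.get("name"))
    return end - start + 1


def is_allow_azure_services(rule):
    """True for the sentinel rule that admits traffic from every Azure public IP."""
    return (rule["startIpAddress"] == AZURE_SERVICES_SENTINEL
            and rule["endIpAddress"] == AZURE_SERVICES_SENTINEL)


def audit_firewall_rules(rules, max_range_size=MAX_RANGE_SIZE):
    """Return a list of findings, one per rule that is broader than intended."""
    findings = []
    for rule in rules:
        if is_allow_azure_services(rule):
            findings.append({
                "rule": rule["name"],
                "issue": "allow-all-azure-services",
                "detail": "admits any tenant's Azure-hosted resource, not just your VNet",
            })
            continue
        size = rule_size(rule)
        if size > max_range_size:
            findings.append({
                "rule": rule["name"],
                "issue": "over-broad-range",
                "detail": "%s-%s admits %d addresses (limit %d)" % (
                    rule["startIpAddress"], rule["endIpAddress"], size, max_range_size),
            })
    return findings


def audit_json(text, max_range_size=MAX_RANGE_SIZE):
    """Convenience wrapper: feed the raw CLI JSON straight in."""
    return audit_firewall_rules(json.loads(text), max_range_size)


if __name__ == "__main__":
    # Real use: az sql server firewall-rule list -g <rg> -s <server> -o json | python audit.py
    for finding in audit_json(SAMPLE_RULES_JSON):
        print("%-28s %-26s %s" % (finding["rule"], finding["issue"], finding["detail"]))
```

Until the multi-tenant service endpoint work lands, running this against each SQL server is a cheap way to keep track of which servers still depend on the sentinel rule and need revisiting once the Web App can present a VNet source address.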
We are currently working on items that will enable service endpoints for multi-tenant App service. We will share the news of the features we deliver on the App Service Blog here: aka.ms/AppServiceBlog.
We also expect to speak about this topic at the Ignite conference in September in Orlando.
I am eagerly waiting for it.
Excellent news!! Will this feature allow outgoing WebApp traffic to be passed through an NVA with UDR rules?
Excellent!!! Have been getting around it by putting storage and sql in a different region than the app service and using public ip filtering.
I also support your idea and it should be raised.
Absolutely. Your own document describes the required setup as "This ON setting is probably more open than you want your SQL Database to be."
Critical requirement: do not open up SQL databases more than necessary.
I too support the request to fix this issue.
I support the request to fix this issue.