Web App should use private IP in a VNet with Service Endpoints
Remove the limitation that prevents us from using Web Apps with Service Endpoints to limit access to Azure SQL database.
Limitation is described here: https://docs.microsoft.com/en-us/azure/sql-database/sql-database-vnet-service-endpoint-rule-overview?toc=%2fazure%2fvirtual-network%2ftoc.json#limitations
"•A Web App can be mapped to a private IP in a VNet/subnet. Even if service endpoints are turned ON from the given VNet/subnet, connections from the Web App to the server will have an Azure public IP source, not a VNet/subnet source. To enable connectivity from a Web App to a server that has VNet firewall rules, you must Allow all Azure services on the server."
Absolutely. Your own document describes the required setup as "This ON setting is probably more open than you want your SQL Database to be."
critical requirement to not open up SQL databases more than necessary
I too support the request to fix this issue.
I support the request to fix this issue.