Securely access to the Azure App Service using Private Link

3 min readMar 25, 2020

Hey everyone, I hope you are doing well. Recently Azure released a set of Private Links for Azure Services as you can check here.

In addition, they added some new services on preview, such as App Service ! What does it mean ? Well it means as below :

We can get a private access to the App Service through the private link. Which means that you can get a private Ip address to your App Service rather than a public shared one. As we talked in the previous posts of the Private Link, this will help you to get out from the internet (Isolation from the internet) !

How can we do this ?

First create the App Service as below

Then Create a Private Link. Until now, the Private Link is available only in East US and West US 2 .

Then fill the form. You can find the private link for the APP Service and the SCM.

If you try to access to the Web App after enabling the private link, you get :

Some notes to remember :
Private Links for the App Service are only available (until now the March 24th 2020) on East US and West US 2.
Private Link secures the inbound traffic to your App Service. Note that you will get a private IP Address for each App Service you got. Thing that we don’t have with the ASE that can host too many App Service behind the same Private IP Address.
Security guys will tell you that they want to secure the outbound traffic too. The Private Link secures the inbound traffic only. Using it alone won’t to stop me to do such a scenario :

To secure the outbound, you need to activate the Regional VNet Integration. By configuring it, you can benefit of some networking features such as NSGs or UDRs :