@specialsnowflake I had a discussion internally, and below is the response I got:
As noted earlier – the private link scenario isn’t supported yet on App Service. And beyond "we’re working on it and hope to land it sometime between now and the end of June", there is not a more specific ETA.
What the customer might be seeing is one of the pool of outbound IP addresses used by the App Service scale unit where the app is running. You can add all of the outbound IP addresses associated with the app to their address allow list in ACR.
When looking at your outbound addresses you will see that there are two sets. If you look in your app Properties you can see them, or use the command line items referred to above.
When you set up a firewall though, use the Additional Outbound IP Addresses or possibleOutboundAddresses, however it shows up. It is the superset of what is possible for your app to use. That way if you scale it up or down across SKUs, it will still work.
Hope it helps!!!
Please "Accept as Answer" if it helped, so it can help others in the community looking for help on similar topics.
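
An added example, not part of the answer above: a Python sketch that takes the app's superset of outbound addresses and reports which ones the registry firewall does not yet allow, then prints the `az acr network-rule add` command for each. The JSON samples are constructed; `possibleOutboundIpAddresses` is the key as it appears in `az webapp show` output, and the `ipRules` key names are an assumption about `az acr show` output.

```python
import ipaddress
import json

# Constructed sample of `az webapp show` output (only the fields used here).
WEBAPP_JSON = '''{
  "name": "example-app",
  "outboundIpAddresses": "203.0.113.10,203.0.113.11",
  "possibleOutboundIpAddresses": "203.0.113.10,203.0.113.11,198.51.100.7,198.51.100.200"
}'''

# Constructed sample of `az acr show` output; ipRules key names are an assumption.
ACR_JSON = '''{
  "name": "exampleregistry",
  "networkRuleSet": {
    "defaultAction": "Deny",
    "ipRules": [
      {"action": "Allow", "ipAddressOrRange": "203.0.113.10"},
      {"action": "Allow", "ipAddressOrRange": "198.51.100.0/25"}
    ]
  }
}'''

def split_ips(csv):
    """Parse the comma-separated address string into validated IP objects."""
    return [ipaddress.ip_address(p.strip()) for p in csv.split(",") if p.strip()]

def allowed_networks(acr):
    """Return every Allow rule as a network (a single IP becomes a /32)."""
    rules = (acr.get("networkRuleSet") or {}).get("ipRules") or []
    return [ipaddress.ip_network(r["ipAddressOrRange"], strict=False)
            for r in rules if r.get("action") == "Allow"]

def missing_allow_entries(webapp, acr):
    """Possible outbound IPs not covered by any existing allow rule or range."""
    nets = allowed_networks(acr)
    possible = split_ips(webapp["possibleOutboundIpAddresses"])
    return sorted({ip for ip in possible if not any(ip in n for n in nets)})

def az_commands(webapp, acr):
    """One `az acr network-rule add` command per uncovered address."""
    return [f"az acr network-rule add --name {acr['name']} --ip-address {ip}"
            for ip in missing_allow_entries(webapp, acr)]

if __name__ == "__main__":
    for cmd in az_commands(json.loads(WEBAPP_JSON), json.loads(ACR_JSON)):
        print(cmd)
```

In the sample, `198.51.100.200` appears only in the superset, so an allow list built from the current outbound set alone would break pulls after a scale operation.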