Hei @EnterpriseArchitect ,
Thank-you for contacting Microsoft Community.
It may help to host the application via Azure WebApp that is behind Azure FrontDoor. Azure Front door has a Web application firewall dedicated to HTTP traffic. Check out this architecture setup: https://learn.microsoft.com/en-us/azure/frontdoor/create-front-door-portal
If you still want to host the website on a VM, hope fully without public IP, the next decision is if you need multi region / global availability etc. Mirosoft has beautifully described a decision graph to help you with it. In your case the best decision is to use Azure Front door + Azure Load balancer, according to documentation.Read more: https://learn.microsoft.com/en-us/azure/architecture/guide/technology-choices/load-balancing-overview
Please mark this as answer if it helped