How to deploy war files from azure DevOps private build agents to azure web app (Private Endpoint is raised already for the web app)

Surya Prakash 1 Reputation point

HI All,

I have two web apps in my subscription for which two Private endpoints are raised for preventing the public access. Now When I am trying to deploy the application war files to these web apps from my azure DevOps pipeline with self hosted build agents, I am getting the following error:
[error]Failed to deploy web package to App Service.
[error]Error: Error: Failed to deploy web package to App Service. Ip Forbidden (CODE: 403)

How to enable my pipelines to deploy war files to these web apps? Is there any workaround for this scenario?

usually after configuring DNS for the web app, I should able to connect from pipeline. But we don't have that chance to wait till this happens.
Please note that we haven't configured any custom DNS as of now. So I am not even able to open webapp.scm from my browser. I am getting 403 error not found.

Azure Virtual Network
Azure Virtual Network
An Azure networking service that is used to provision private networks and optionally to connect to on-premises datacenters.
2,038 questions
Azure Private Link
Azure Private Link
An Azure service that provides private connectivity from a virtual network to Azure platform as a service, customer-owned, or Microsoft partner services.
438 questions
Azure App Service
Azure App Service
Azure App Service is a service used to create and deploy scalable, mission-critical web apps.
6,535 questions
0 comments No comments
{count} votes

1 answer

Sort by: Most helpful
  1. Ryan Hill 24,546 Reputation points Microsoft Employee

    @Surya Prakash ,

    I'm assuming that the Private Endpoint you're referring to is Whether your build agent is hosted on-prem with configured VPN or hosted in an Azure VM that's part of your configured vnet or peered, make sure your firewall is configured to allow traffic from document endpoints:


    EDIT: Furthermore, you can check for additional troubleshooting steps that may be preventing deployment to your Private Endpoint. Even though this doc is referring to ASE, it also applies to Private Endpoint.