Hi @Sandeep Wadhwa , thanks for your patience. I received the reply from product group.
So order of operation for ARM template and Portal is different.
In Portal, we can set the 'Allow Access to Azure Service' to 'yes' and then 'Deny Public Network Access' to 'yes'.
In ARM, firstly 'Deny Public Network Access' is set and then if we try setting up 'Allow Access to Azure Service', it will give error as it is not allowed even from portal.
Also the team tried below steps:
- Set Allow Access to Azure Services to Yes
- Connected from Azure VM successfully
- Set Deny Public Network Access to Yes
- Connection from Azure VM failed. (which is the right behavior)
So as per them, if we enable 'Deny Public Network Access', we cannot connect without end private endpoints. PG is suggesting to open a support ticket to have a better look on your case.
Could you please check again if the webapp is connecting without private endpoints before you raise any support ticket?