@Kieron Lanning , Thank you for the question. You can use Azure Front Door Service and associate the Kubernetes ingress-controller Service External IP as a backend to it. You can find an example here. On the AKS cluster NSG(s) modify the Allow Inbound rule with destination as your application's External IP and Port with Source Service Tag as AzureFrontDoor.Backend. Thus, Azure Front Door will act as a proxy and only the FQDN specified on the Azure Front Door can be used to connect to the backend service (due to the NSG rule). If you try to access the External IP of the service directly over the Internet then it will fail as NSG rule allows only Azure Front Door backend to access the External IP on the specified Port. For more information please refer to this article.
Hope this helps!
Please "Accept as Answer" if it helped, so that it can help others in the community looking for help on similar topics.