How to enable/disable the publicNetworkAccess of App Service and what is the meaning of its default value 'null'

Question

Hi, I'm trying to create a policy to monitor some properties of Azure App service that enables publicNetworkAccess. After research I didn't find a way to setup this property. From the document https://learn.microsoft.com/en-us/azure/templates/microsoft.web/sites?tabs=bicep it is clearly that the property is exist and the default value is null, but it doesn't make sense to me, what is the meaning of 'null'? Because from my perspective the publicNetworkAccess is either enabled or disabled. Anyone can help? Thanks

Answer 1

Hello anonymous user

You are right Azure App service has option publicNetworkAccess that has default option null in Resource Explorer.
Resource Explorer treat null as if the property isn't present, no publicNetworkAccess option was set in Bicep or ARM template. In this case publicNetworkAccess is not active
https://learn.microsoft.com/en-us/azure/azure-resource-manager/templates/template-expressions#null-values

You can use existing policies that will prevent App Service Apps to have access from the Internet.

• Configure App Services to disable public network access
• App Services should disable public network access

Answer 2

When null, it is actually conditional. If there is no private endpoint, then it allows public access. If there is a private endpoint to the web app, then public access is denied. It may be beneficial for you to explicitly set this to Enabled or Disabled to ensure you get a consistent and expected action regardless of private endpoints.

Answer 3

Hi @Andriy Bilous the publicNetworkAccess in this doc https://learn.microsoft.com/en-us/azure/templates/microsoft.web/sites?tabs=bicep means "Property to allow or block all public traffic.". Could you please tell it allow or block all public traffic when this property is null?