Hi
I had the same problem and opened a Microsoft Support ticket. There is a problem with "az webapp deploy --src-url": It actually doesn't go via ARM API, but directly to the scm endpoint of the web-app (which is blocked due to private endpoints).
There is a bug open to fix this: https://github.com/Azure/azure-cli/issues/21168
The solution is now not to use Azure cli command "az webapp deploy", but to call the ARM API directly with something like this:
az rest --method PUT --uri https://management.azure.com/subscriptions/${SUBSCRIPTIONID}/resourceGroups/${RESOURCEGROUP}/providers/Microsoft.Web/sites/${WEBAPP}/extensions/onedeploy?api-version=2022-03-01 --body '{"properties": {"type": "zip", "packageUri": ${ARTIFACTURL} }}'
This call will go via ARM and will not be blocked by your Webapp.