We have a multi-tenant application that utilizes a single app service with multiple (one for each customer) backend databases.
This currently works by adding custom domains on the app service to direct requests to the correct database. We want the application to respond only to secure requests, so we need to bind the custom domains to SSL. Because we want the added security of Frontdoor, we also need to point the DNS there, and this is the start of the challenges we have with deployment.
To get a custom domain to correctly bind to an SSL certificate, we are currently having to set up a CNAME in DNS for the specific customer. Once the custom domain is added to the app service and bound to SSL (and verified by the app service), we can then change the CNAME in DNS to point at Frontdoor and complete the setup by adding a Frontdoor frontend and linking it to the correct backend pool.
We need custom domains on app services to ensure requests end up in the right place, but it's a pain having to separately verify each individual subdomain - ideally we would like to somehow verify them against a wildcard instead of individual DNS entries.